Security Incidents & Where to Report Them
See Something, Say Something!
It’s more important than ever to be a cyber-savvy employee.
“Employees are the weakest link to cyber security in any business.” – Forbes.com
One wrong click on a link or downloading a phishing email’s attachment can bring a network to a crashing halt.
As a cyber-savvy employee, you play a HUGE role in preventing your business from becoming a victim of cyber criminals.
These cyber criminals exploit a variety of threat vectors, including email, network traffic, user behavior, and application traffic to insert ransomware.
Incidents to Report in…
Phishing. If you see an unusual email, don’t hesitate to report it.
Smishing. If you receive bogus-looking text messages with links, never click on them.
SPIM. Spam sent via instant messages that also contain links. Never click on them.
Privileged Access. Never give your login credentials to anyone. If you feel you’ve been given access to information you don’t need, don’t be afraid to speak up.
Tailgating. If you see someone sneak into a secured area or checkpoint by following someone else who has legitimate access, they’re tailgating.
Piggybacking. Similar to tailgating, except the person with legitimate access allowed the other person in.
Malicious media. It may be tempting to view a random USB drive or optical disc you find on your computer, but it may be infected with auto-run malicious software.
Vishing. When someone calls trying to convince the other person to give sensitive information over the phone. Can be either automated or a real person calling.
In-person pretexting. When you come face to face with a social engineer. They will visit you in person to try to gain sensitive information from you. They may be disguised as a FedEx guy or a water or telephone repair person.
Disgruntled employees. If you see an employee acting erratically or suspiciously, report them immediately. Disgruntled employees threaten both cyber and physical safety!
Incident Response in Action
What is Incident Response?
Incident response is the process of recognizing, identifying, and reporting a potential security incident to the appropriate party. Be sure to follow our incident response policy. If you’re not sure, ask!
Both of these scenarios qualify as security events.
Scenario 1: You receive a phone call from someone claiming to be IT and needing your login credentials to update your security software. However, since you’re a cyber-savvy person, you wonder why an IT Admin is breaking policy and asking for your password. Why can’t they just do the upgrade remotely without your help? What do you do next?
Scenario 2: While signing for a package in the lobby, you notice someone swipe their badge and enter the building. However, you also notice that someone slips in behind them before the door could lock. The first person with the badge didn’t even notice that someone used them to sneak in. You’re probably the only person who noticed. Now what do you do?
In Scenario 1, you can just hang up and go on with the rest of your day. But what if the scammer calls back and someone else falls for their scheme? By immediately reporting this incident, you help spread awareness and lower the chances of a data breach. This is the telephone equivalent of phishing. It’s called vishing. Vishing is a scam whereby the attacker attempts to convince someone to relinquish sensitive information over the phone.
In Scenario 2, someone has gained unauthorized access. This person may not have malicious intentions in mind, but that does NOT matter. What matters is making sure only those with proper credentials are allowed into access-controlled areas, and anyone without proper credentials should be reported ASAP! This is a way to help prevent incidents in the future. This incident is known as tailgating BTW.
Security Incident vs. Data Breach: What’s the Difference?
A security incident is when any cyber, human, or physical event potentially threatens the confidentiality, integrity or availability of our data or resources. That could mean a system being infected with malware. It could be website defacement. It could be an unauthorized person gaining access to somewhere they shouldn’t be. It could mean being knocked offline by a distributed denial of service (DDoS) attack.
A data breach is a severe security event where information such as passwords, identification numbers, trade secrets, intellectual property, or anything that falls under the PII (personally identifiable information) umbrella, is leaked.
Basically, all data breaches are security incidents but not all security incidents are data breaches. Regardless of definitions, they all need to be reported ASAP. When in doubt, ask!
The bottom line…
When you see something, ANYTHING that could be a potential security incident (such as a phishing email, a phone call asking for credentials, a suspicious package, or an open door that’s usually locked), you need to report it!
Remember, there are no stupid questions when it comes to our collective security.
Security incidents ARE going to happen, sometimes because of mistakes and sometimes because of things beyond our control. What’s important is how we handle them. If we don’t report them, even the little things that may seem unimportant, chances are they will happen again.
The way that we handle incidents is just as important as what we do to prevent them!
Good security comes from timely response. Report security incidents immediately!
Let’s take a look at some security incident examples and how to properly respond:
Receive a phishing email? > Report it so your teammates and co-workers can be alerted.
Notice someone not wearing a badge in an access-controlled area? > Kindly escort them to the proper location and alert a supervisor.
Receive a phishy phone call asking for private information? > Don’t just hang up; make a detailed report and send it to the appropriate party.
Other Useful Resources:
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
Report phishing attempts to the online service provider when applicable (such as Google, Apple, and Amazon).
Forward phishing emails to:
Thanks for reading. If you have any questions or tech tips, please be sure to leave them in the comments!