Services
Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
AI Services
AI Services
Industry Solutions
Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Higher Education & Research Laboratories
Higher Education & Research Laboratories
About Us
About Us
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility
Strategic Partnerships
Strategic Partnerships

3 Common Mistakes Companies Make When Responding to Security Incidents

Education | Privacy Assessments

It’s ten p.m. on a weekend night. You’re relaxing at home when your phone rings. It’s your chief information security officer. Your company has experienced a security incident and panic starts to set in.

While no company wants to deal a security incident, it is nearly impossible to avoid one.  How you respond is key to your company’s future. Your company’s response can either result in a quickly resolved incident or a slew of costly mistakes. Below are a few examples of shortfalls that affect companies when encountering an incident.

Not Being Prepared

It’s a fairly common thought: “That will never happen to me.”

Maybe you thought your company was safe from cyber-attacks or that no one would ever want to attack your business, but the truth is, cyber-attacks are on the rise and attackers launch thousands of attacks a day on various targets.

To prepare your business for a security incident, start by formulating answers to the following questions:

  • What data was compromised or stolen?
  • How did the attacker get into our systems?
  • How long has the attacker been in our systems?
  • Where did they go within the systems?

People and processes also play an important role in minimizing damage. That employee who always goes above and beyond to get the job done? She is probably working remotely as well as in your office. She might be transferring sensitive files between devices. She is not intentionally trying to cause harm, but by not following your company’s security protocol she is putting your company in danger.

“Employees and negligence will continue to be the leading cause of security incidents in the next year,” reports Experian.

By having the proper security personnel in place, such as a chief security officer, chief information security officer, or a leader who is in charge of company security and protocols, you can keep up with what is happening with your cybersecurity.

The process piece of the puzzle involves both educating employees on the proper security protocols and having a process in place in the event of an incident.

Not Using Alternative Means of Communication

There is a reason law enforcement doesn’t like the media to broadcast its location when dealing with a sensitive incident: it can impact the success of their efforts.

The same holds true when dealing with a compromised system. Do you use your company’s e-mail servers to communicate regarding the incident? Or, for example, are you compiling documentation about the incident on your company’s internal server? Unless you are certain the hackers have been removed from your system, they could be reading all communications about the incident and receiving valuable information about your next steps.

If you need to make calls after your system has been breached, try using your mobile device or another telephone outside of your system’s network. Use e-mail accounts not associated with your company’s server to communicate with others.

Not Acknowledging the Incident

It can be easy to put a security incident out of mind quickly, but if you do you’re likely missing out on valuable information. Whether an intruder was stopped before gaining access to your system or you are dealing with a breach, it is important to examine what happened. You could discover a flaw in your incident response protocol, or realize you need additional employee training.

By having your people and processes in place before an incident, you could help save your company time, salvage your reputation, and put processes in place that keeps the company safe in the future.

About JUSTIN DYKES

Justin Dykes is a Managing Director at Schellman where he leads the SOC engagements and various other attestation services on the west coast. Justin has been with Schellman since 2005 and has managed a large portion of the west coast SOC engagements over more than a decade. Prior to joining Schellman, Justin was a senior consultant with a Big 4 audit firm where he was responsible for providing IT and business process consulting services to many Fortune 500 companies across the world.