While most employees may not play a part in their organization’s incident response plan, creating a similar type of document can help through some of the cybersecurity events outside of work that affect your family circle. IT won’t always be there to save us, so it is crucial that we know how to properly handle a scenario on our own. A good incident response plan will focus on five key areas: Preparation, Detection, Response, Recovery and Learning.
Preparation is Key before a cyber incident. A great first step is to identify a team that can help provide guidance and assistance though the incident. For at-home incidents, think about your family members, friends or a colleague that may have some cybersecurity knowledge. This team won’t need to have weekly meetings or sign any contract, but the idea is that can be a quick resource to you if a cybersecurity incident occurs. Consider a group text where the participants can talk though a “fishy” email or when a computer is exhibiting odd behaviour. With your team in place, make sure you are taking the appropriate steps to keep your devices protected to mitigate the probability or impact of a security incident.
Here are some recommended steps to consider:
1. Backup your data – if something were to go wrong, having access to your data can be your safety net to fall back on. This could be an inexpensive cloud backup or an external hard drive.
2. Invest in an anti-virus and anti-malware solution on all your devices and make sure they are consistently patched for security updates.
3. Educate your family members on the security threats that are out there and how to avoid them. Make sure your circle know what action they should take if something were to occur.
Detect and Respond
To respond appropriately to an incident, we must be able to detect when and indecent occurs. The challenge here is these events can be very obvious such as a ransomware notification on your screen or could be a silent spyware attack stealing information behind the curtain. The best advice is to stay alert for all issues or warning signs on your devices at work and at home. Tune into any performance issues or inconsistent behaviour. If you do detect a possible issue, respond as soon as possible! If the issue is affecting a work device, contact IT and your supervisor as soon as possible.
If it’s a personal device, ask for the support of your incident response team and consider some of these additional tips that may help you respond.
1. Unplug or shut down your device. Doing this will help stop the issue from spreading to other devices that it maybe connected to.
2. Try restarting your device in “safe mode”, this allows the user to safely troubleshoot and eradicate a potential issue on a device without the risk of further exploitation.
3. Do some research. Using a safe device, investigate the issue by searching for some of the key details. There may be helpful information from others who experienced the same or similar situation.
4. Don’t panic! Cybercriminals rely on their victims acting irrationally. Don’t be rushed into calling a special number or installing a piece of software meant to fix your issue.
Stick to your plan and work with your team to talk through the best course of action. If your personal device is still behaving erratically or if you are still receiving notification of a malicious virus that your tools were not able to remove, consider contacting IT or a trusted computer repair centre. For serious situations, consider contacting your local law enforcement or consumer protection agency.
Recovery and Learning
The recovery stage is all about getting back to business as usual and a full recovery is easier to achieve when the proper preparation, detection and response are applied rom your incident response plan.
Here are some helpful tips when working through your recovery stage.
1. Make sure the “fire” is completely extinguished. After a certain event, certain strains of malware or viruses could lay undetected by our tools with the goal of springing back to life to strike again at a later point. Not sure if you’ve successfully eliminated the threat? Check with an expert or look for additional tools that can do a deeper scan to make sure your device is safe to resume operations.
2. Kick your backup into motion. If you’ve followed the steps in the preparation stage, you should have an up-to-date backup that you can recover from if there was any issue of data loss. After recovery, it’s time to take a step back to learn from the experience. Try understanding the key questions of Who, What, When, Where, Why and How. Without a proper understanding of what went wrong, it becomes much easier to experience a similar situation in the future. Share what you’ve learned from your experience with your friends, family, and co-workers. The same or similar event can occur for others so providing information on avoiding or responding to the event can help protect someone else.
Remember some of the key steps such as preparation, detection, response, recovery and learning. Think of this plan like a fire drill at your household and run through some practice sessions to make sure the plan is going to work the way you expect it to. Make sure everyone in your family circle is understanding of these steps and on the same page.