It is pleasing to see more and more organisations wise up to security risks and proactively take measures to protect staff and company assets from the various attacks that exist out in the wild. The cyber security landscape changes regularly and rapidly, and it is up to all of us to keep on top of it. Security is everyone's responsibility, and thus we all need to pull together and do our bit. However, with all the tools and protective measures that we are putting in place, how would we actually act in the event of an attack? If the red light started vigorously flashing and the alarm started going haywire, what would you actually do 🤔? More importantly, do you know what your organisation expects you to do 🧐?

Headless Chickens

So why am I bringing this up? Having the most impenetrable tools within your company is meaningless if no one knows how to use them. Likewise, the best policies, procedures and action plans are a waste of the paper they are printed on (or the hard disk drives they are saved to) if no one has read them and their location is obscure. It is important to implement these tools, write these documents and actually educate people about what is expected of them and where they can find further information and reading material. If these elements are unknown, then how can we realistically keep the attackers out?

[Image: A pile of hidden policies!]

Case in point: assuming that your company has bought the finest malware detection and prevention system money can buy and has installed it on every machine on your network, how would you find out important details about it? Do you even know what it is called and who produces it? Before you dismiss what I'm saying, YES, you do need to be able to answer these questions, because what if this shiny tool suddenly displays a MASSIVE alert window in the top-right area of your screen screaming that "a threat has been discovered on your machine"?
Firstly, how would you know that the window is even legitimate if you don't know what tool your company uses? I'm pretty sure an alert like this would freak you out if you didn't know that this kind of software was even installed on your machine!

Okay, so you have a massive window on your screen insinuating that hackers are throwing a party on your machine and are performing dastardly deeds with your company's data. Now what? What do you do?

Do you turn your machine off using the standard shutdown procedure? This might be prevented by your anti-malware software, your OS, or even the attackers. How would you know?

Do you HARD shutdown your machine by holding down the power button until it clicks off, or pull the power cord out of the wall? This might stop your anti-malware software from properly isolating and dealing with the threat.

Do you leave your machine running and pray that your anti-malware software does "its thing"? That may allow attackers to cause more damage on your system and the company network. Also, should you even be trusting the error window in the first place 🤔?

Do you ignore it as it is only a false positive? A false positive is something which isn't a threat incorrectly identified as one. How on earth could you be sure of this?

[Image: Man stressed out with all the possible security decisions!]

This is the issue with blindly trusting software and machines: if you haven't been properly briefed and trained beforehand, you won't be adequately equipped when it comes to making an important decision that needs to be made RAPIDLY. In an emergency situation, it is likely that only a subset of the options specified will flash through someone's mind, and the consequences that I have highlighted will not be given ANY thought whatsoever. We are in crisis mode, there is no time to actually THINK!
This is why we need to consider these measures in moments of stillness and calm.

Proper Instructions

As an employee of the company, you shouldn't be expected to determine the correct actions to take in the event of a threat being discovered on your machine or on the network. The same security team responsible for putting that software on your machine is also responsible for creating an action plan for such circumstances and for making this plan widely available for people to find and read. This plan will detail EXACTLY what the company expects you to do when that window pops up, so you aren't left wondering and subsequently exposing the company infrastructure to further risk caused by inactivity.

[Image: Play by play board]

So, does your company have such a plan? If so, where is it? Can you find it and print off a copy? What other security plans has your company published and where are these stored? If your company doesn't have such action plan(s), why not? What named individual(s) would you need to speak to regarding matters like this? These are all important questions, as they ultimately affect how ALL members of staff need to behave in crisis situations that can easily arise. One person only needs to click on the wrong email, visit the wrong website in the wrong browser, or insert the wrong USB pen drive into a corporate machine for the floodgates to burst open. As that water hurtles at you at tremendous speed, you need to ACT, not ponder policy or, even worse, ACT IN THE WRONG WAY 😲!

If your company doesn't have security action plans, I highly suggest that you ask for them to be put in place. They might be an overhead at the beginning, but acting in a proactive manner will save you so much in the future WHEN (not if) you are attacked.
Attackers don't care about your ethics, morals, initiatives and internal policies; they care about getting in by any means necessary and by exploiting ANY weakness you have to do so.

We Are Responsible

Security is everyone's responsibility, and we all need to proactively take that responsibility seriously. Whilst we are making great strides with securing our infrastructure with the latest and greatest tools, we need to make sure that we understand these tools and know how to use them. It is also important that we take the time to plan and internally publish the unambiguous tasks that everyone should perform should we become the unwitting victims of a nasty attack. It is only when we are prepared that we can properly withstand the bad people out there who want to cause us harm.

Take care and all the best, Si.