When it comes to cyber security incidents, you cannot be too cautious. Even a minor breach can have major consequences.
Since the lockdown began, more cyber risks have been faced by businesses, consumers, and all other users of the internet than ever before. In a May 2020 survey commissioned by Barracuda Networks, 51% of respondents had already seen an increase in email phishing attacks since shifting to a remote working model.
What’s worse, theft of private, financial, and/or other sensitive data can occur without any symptoms. By the time a suspected breach is reported, it may be too late.
If a cyber security incident is suspected, a fast response by your internal or external cyber security team is critical.
But your team can only respond when they are informed of an event. A delay in internal reporting can mean the difference between simple mitigation and significant damage.
When a Cyber Security Incident Occurs
Often, someone who falls for a cyber criminal’s lure will immediately realize that they made a mistake.
But the natural reaction for many people is to try to cover up an incident. They may even attempt to resolve the problem by themselves. Most people don’t want to be viewed as someone who fell for a trick.
Unfortunately, the act of trying to hide a cyber security incident always makes the situation worse.
Staff should be made aware that the consequences of either failing to report, delaying to report, or attempting to cover up an incident are far more dire than quickly reporting a suspected event.
In fact, employees should be encouraged to speak up. They should be assured that speaking up about a cyber issue will not be viewed in a negative light.
Instructing Your Team
Here are the types of instructions that can be provided to staff:
- Report potential threats immediately, even if you are not sure a breach has occurred
- Do not try to remedy the situation yourself
- Do not continue using a system that has or may have suffered a breach
- Do not reboot your computer, or delete anything that could be evidence. Breaches are easier to remedy if a cyber security expert can tell what happened.
- It is okay to disconnect your computer or device from the network or the internet
Cyber attack vectors change continually, which means that cyber security training is a key component of prevention. Employees should attend periodic cyber security refresh courses—quarterly at a minimum.
Reporting Incidents to Government
The U.S. federal government is particularly concerned with cyber incidents that result in “significant damage.” The government encourages the reporting of all cyber incidents that may:
- Result in a significant loss of data, system availability, or control of systems
- Impact a large number of victims
- Indicate unauthorized access to, or malicious software present on, critical information technology systems
- Affect critical infrastructure or core government functions
- Impact national security, economic security, or public health and safety
However, any level of cyber intrusion can be reported to your nearest FBI field office.
State of California Reporting Requirements
California law requires businesses to notify any California resident whose unencrypted personal identifiable information (PII) “was acquired, or reasonably believed to have been acquired, by an unauthorized person.”
If there was a breach of personal information that involved more than 500 California residents, by law, this data security breach form must be submitted to the State of California Department of Justice.
As with internal reporting, quick external reporting is important—and it’s required by law in some cases. The more time that has passed since a cyber security incident occurred, the more difficult it will be to mitigate the consequences of the event.