Cyber Security: Knowing how to Handle Incidents Is as Important as Preventing Them
Assume one of your employees inadvertently clicks on a 'dirty' link. The screen goes blank and a message then appears requesting a bitcoin payment to release the system.
How would your average employee react?
Scenario 1
The employee is scared senseless and doesn't know what to do. She decides to fetch a random colleague and asks him to take a look at her computer. Unfortunately, they can only stare blankly at the screen, as neither one has the faintest idea what to do.
Scenario 2
The employee is scared senseless and after recovering from the initial shock decides she should contact the IT department. Since her computer has been hijacked, she can't look up their contact details online so she goes around asking co-workers for the number.
Scenario 3
The employee is shocked but knows she should phone the IT department. Luckily, the number is displayed on a sticker on her computer screen. After a few minutes, she manages to speak with an IT help desk operator. The operator doesn't immediately understand the situation and tries to reach the company's IT security officer. Unfortunately, he is unable to do so and asks the employee to call back tomorrow.
Scenario 4
The employee curses herself for not having been more careful but immediately pulls herself together, refers to the cyber incident chart, which all employees received, and contacts the responsible person in the IT department. The IT department immediately mobilizes the incident team, and each member starts handling the incident in accordance with the procedures discussed during their annual training sessions.
If you picked scenario 1, 2 or 3, you should start working on your incident handling procedure as soon as possible! While it's unrealistic to think that you'll be able to avoid cyber security incidents altogether, you can put in place appropriate procedures to mitigate the adverse effects of such incidents and ensure compliance with the applicable statutory obligations, such as the duty to notify data breaches.
If you are looking for inspiration for you incident handling process, the Cyber Security Coalition, a Belgian partnership between players from the academic world, the public authorities and the private sector, has put together an Incident Management Guide which provides useful information in this regard.
More information about the NautaDutilh Compliance team can be found here.