Thank you Melissa G. for clarifying what I wrote, because, yes, this is exactly what I was looking for. But no, I did not yet have any specific aspect in mind, I guess we're really still right at the very beginning with this.
Hi Community, I hope everyone is doing fine and the temperatures are still bearable at your workplace. I have another best-practice question regarding the cyber attack we experienced two weeks ago. At last year's Human Firewall Conference I attended a presentation where the speaker said that it would be good to practise cyber security incidents in the same way as other security incidents (e.g. test fire alarms etc.). My question is: Do some of you have experience with this? What exactly can practising a cyber security incident look like? Would you need a test system, or is there a way to practise this in the live environment - and if so, how? Is there anyone who has a playbook or templates for something that could help when we would like to try this for the first time? Any advice is much appreciated. Many thanks
Thank you very much Bas v. and Gordon S. for all your very helpful tips and ideas! A lot of things that we will definitely consider, especially as some of them will be easy to implement in the short term. And for the longer term, we might also look into a 24/7 SOC/SIEM/MDR/MXDR solution. Melissa G. We only had an emergency guide/playbook for our IT team, but not for our employees. Of course the topic of how to react in an emergency has been brought to the employees in the past, but this incident showed us that we definitely need to make improvements in our communication and to emphasise the importance with other methods. That's why the ideas and tips were so super helpful
Hi Community, I hope everyone is doing fine. I think I could use the community's help and wanted to ask for your advice/best practices. We had a successful phishing attempt last week: one of our employees clicked on a link to open a document and entered his Microsoft credentials. Luckily, the attackers did not cause any major damage, but "only" sent further phishing emails from his email account. Since the whole thing happened on a public holiday in most parts of Germany, and Microsoft quickly detected suspicious activity, blocked the employee's account and deactivated the link in the email, we seem to have got off lightly. However, we realised that we need to work on our emergency plan for such incidents here and there. Among other things, we had the problem that the affected employee did not know how to contact IT to report the incident, as his Microsoft account was blocked and he could no longer access anything. Additionally, we realised that some internal colleagues also received the phishing email from our colleague, but very few reported it and no one recognised the urgency of the situation and tried to contact IT directly (by phone). Are there any ideas or best practices in the community on how to deal with this? How do you ensure that employees know how to contact IT in such situations? We will of course follow up on the incident internally and will ask everyone to save the IT emergency number in their phones, but is that enough, or can we do more? And how do you ensure that employees know when it is sufficient to report the email (e.g. via the phishing button) and when they need to contact IT immediately, even if it's a holiday or the weekend? Of course, our IT is worried everyone will call all the time if we stress too much that they should do so in an emergency. How can we strike the right balance here? I would really appreciate your thoughts on this
