Think fast: what’s the first thing you do after realizing you just replied to the email from the Nigerian prince wanting to give you a sum of $34 million?
Okay, you most likely didn’t reply to that … but the concept still remains. Do you know what to do immediately upon discovering a virus, an email threat or some other cybersecurity issue?
You need to have step-by-step instructions about what to do if employees believe they have witnessed a cyber-incident. Training needs to happen now — not when the problem is happening. A basic training program can be very effective.
The following are all part of a simple yet powerful employee cybersecurity plan: guidance on physically disconnecting the machine from the network or cutting off power to the machine; direction to notify the company’s IT department or provider of any suspicious emails or unusual activity; and instruction on what to do when a mobile device is lost.
Alan Edwards, CISM, is chief information officer at Computerware, Inc., in Vienna, Virginia.