Think fast: what’s the first thing you do after realizing you just replied to the email from the Nigerian prince wanting to give you a sum of $34 million?
Okay, you most likely didn’t reply to that … but the concept still remains. Do you know what to do immediately upon discovering a virus, an email threat or another cybersecurity issue?
You need to have step-by-step instructions about what to do if employees believe they have witnessed a cyber-incident. Training needs to happen NOW — not when the problem is happening.
A simple training program can be very effective. Things like physically disconnecting the machine from the network (or the power from the machine), notifying your IT department/provider of any suspicious emails or unusual activity and what to do if you lose your mobile device are all parts of a simple yet effective employee cybersecurity plan.
Alan Edwards, CISM, is chief information officer at Computerware, Inc., in Vienna, Virginia.