Regularly communicate the contact information to ensure awareness and preparedness.Optimal Security Incident Reporting Channels

The question posed in the title of this article is important. Every organization should clearly define reporting channels for security incidents. Larger organizations will typically have a particular number the user is to call and report the potential incident, but sadly, this is not always the case. In many large organizations, when you ask employees to whom they should report an incident, a significant percentage respond with, “I don’t know.”

Do you know who to contact to update your driver’s license? Do you know who to contact to file your taxes? Yes, maybe you have to look up the number each time because you do it infrequently, but you know who to contact. The same should be true for the reporting of a security incident.

Regardless of the size of the business, it is important for employees to know this information. In smaller organizations, it is likely to be a specific person that they should contact. In larger organizations, it is likely to be a department. In both cases, the organization should establish it clearly.

Effective Communication Practices

I recommend three things related to security incident reporting:

  1. Ensure it is a phone number that they call to report the incident and not an email address. It is easier to intercept an email than a phone call if the attacker is covering that angle. Both are possible, but the email intercept is typically easier.
  2. Ensure you communicate the contact information to employees on their first day of employment. This prevents a gap wherein a new employee may become a potential target for attackers, and the employee lacks the knowledge required to report it.
  3. Regularly communicate the contact information to ensure awareness and preparedness. This will provide a dual benefit in that it ensures they have the information, and it reminds them that they should be aware of their environment and report potential incidents.

By following these three simple guidelines, you will significantly protect your employees and ensure they report incidents properly.

Share This Story, Choose Your Platform!

Recent Post