The ‘spotting incidents’ awareness and training module concerns vigilance, early detection and (where appropriate) prompt reporting of a deliberately diverse set of information-related concerns and incidents such as:
- Application failures e.g. business apps refusing to load and run, systems misbehaving generally;
- Authentication failures: forgotten passwords, inability to login etc.;
- Bribery and corruption;
- Business issues involving information, data, IT systems, networks, apps etc.;
- Cloud and Internet failures;
- Coercion, unwarranted or inappropriate pressure, blackmail;
- Compliance issues e.g. corporation and tax laws, money laundering, privacy;
- Crises and disasters in general, impending doom, imminent deadlines, crunch-time;
- Customer, client or other third-party issues;
- Data errors, integrity failures, missing or additional data, data corruption;
- Earthquakes, cyclones, tornadoes, volcanic eruptions, storms, extreme weather;
- Essential people unavailable e.g. off sick, away on business, AWOL;
- Ethical issues e.g. exploitation;
- Exposure or disclosure of confidential information;
- Failed IT changes, upgrades and patches;
- Fires, overheating, smoke, floods, leaks and other environmental concerns;
- Frauds, scams and (other) social engineering attacks;
- General calls for assistance with ICT and information matters;
- Hacks of networks, systems and devices;
- Health and safety issues;
- Illegal activities in general;
- Improvement opportunities, suggestions, bright ideas;
- Intellectual property issues e.g. unlicensed software/piracy, trademark or patent abuse;
- Longstanding/persistent issues, systemic failures in business systems and processes;
- Malware infections e.g. spyware, ransomware;
- Mistakes by system administrators or users, plus “accidents” involving information/data or ICT;
- Near-misses: incidents narrowly and fortunately avoided … just;
- Novel risks e.g. new or changed threats, vulnerabilities or impacts;
- Overloaded IT systems, lack of capacity, delays and other performance issues;
- Power cuts, surges and dips;
- Privacy breaches, inappropriate disclosures of personal information;
- Relationship issues – problems in business and personal relationships (‘trouble at home’);
- ‘Something not quite right’ … perhaps vague suspicions, strange coincidences, feelings of unease and other goings-on that catch someone’s attention, or something more specific such as:
  - An unaccompanied visitor or a stranger behaving suspiciously in or near the office;
  - Things ‘out of place’ in the workplace with no obvious explanation;
  - Doors, windows, gates, cabinets and safes left unlocked;
  - Comments from work colleagues or contacts hinting at something untoward and inappropriate going on.
The awareness module focuses on 'identify' and 'assess', two critical early steps that kick-start the incident management cycle.
- Introduce the topic, providing general context and background information;
- Expand on the value of vigilance, early detection and prompt, accurate reporting of information security, privacy and other incidents: why is this so important?
- Encourage people not just to be more alert but to react appropriately to any issues and concerns they spot, typically by reporting them, stopping/avoiding risky activities etc.;
- Motivate people to think - and most of all act - more securely in a more general sense.
The management materials lay out a strategy to drive up both the number of incidents reported and the quality and timeliness of those reports. The awareness program presents an opportunity to explain to managers why those are worthwhile objectives (e.g. to meet the tight 72-hour privacy breach reporting deadline under the General Data Protection Regulation), getting them to consider and discuss the proposed strategic approach. Whether in the end they decide to progress the proposal or not, at least managers are thinking and talking about the issues: that’s an awareness win!
Spotting incidents awareness
Use these materials to encourage workers to notice and report all manner of incidents, issues, concerns and near-misses, triggering the incident management process as soon as practicable. Time is of the essence!