Detecting Incidents

Detection is all about knowing when something has gone wrong.

We have fire alarms in our businesses and homes that alert us to problems. In cybersecurity, the more quickly you know about an incident, the more quickly you can mitigate the impact and get back to normal operations.

Quick Wins

• Email. Look for unusual requests, attachments, links. Be suspicious.
• Use cybersecurity products or services that help monitor your networks (think of antivirus and antimalware software, for example)
• Physical Security. Are employees/customers acting suspiciously? Are people in locations they shouldn’t be? Do you notice someone not following established policy? Be sure to consider physical security as well.
• Users. Train employees to know what incidents and attacks look like and that they need to be reported quickly.
• Talk to others in your industry and reach out to local IT experts about exploring the option of improving your protections using some kind of network monitoring service that helps to detect incidents. The availability of cybersecurity tools and services is growing.