Is your incident response process building employee security habits?

All security teams have incident response processes, but are they improving employee habits?  Is there a better way, where employees can help address their own incidents and learn better habits in the process?  Below we compare the current process to an alternative process and break down the pros and cons.

Standard Six Steps of Incident Response

The traditional workflow is handled solely within a security team in a siloed protocol, leaving the root problem of bad cybersecurity hygiene unaddressed.

1. Security Team Prepares and Monitors Security Protocols

  • develop incident response plan
  • establish communication guidelines
  • simulate incidents and exercises

2. Security Team Detects and Reports Potential Incidents

  • monitor events for potential threats
  • detect potential security incidents
  • alert team members if incidents found

3. Security Team Triages and Analyzes Risks

  • track traces of threat actor, if any
  • build event timeline
  • determine level of compromise

4. Security Team Contains and Neutralizes Risks

  • initiate coordinated shutdown
  • wipe and rebuild operating systems
  • change passwords of all compromised accounts
  • block all channels connected to the attack

5. Post-Incident Protocol

  • complete incident report
  • monitor post-incident
  • update threat intelligence
  • coordinate all security measures across entire organization

6. Manual Analysis of Historical Incidents

  • security team files most recent incident, adding to historical incidents
  • security team prepares updated security protocols
  • employees continue operating without lessons learned

Using Security Incidents as Teachable Moments

This alternative workflow shares cybersecurity responsibility throughout an entire organization so every member helps defend against cyberattacks.

1. Security Team Receives HackNotice Credential Alerts

  • review credential alerts
  • reset credentials if needed
  • resolve any outstanding alerts as reviewed or fixed

2. Security Team Sends Employee HackNotice User Invite

  • add additional websites and domains to watchlists
  • monitor personal data for additional threat intelligence
  • monitor all threat channels for cyber threats

3. Employee Sees Risk Alerts Affecting Them (and the Company) Directly

  • employee sees risk firsthand
  • employee follows detailed steps to mitigate risk
  • employee fixes incident directly

4. Employee Resets Credentials and Fixes Incident Immediately

  • employee engages in problem solving
  • credentials are changed immediately
  • security team doesn’t waste time chasing employee

5. Employee Learns Security Awareness

  • security incident used as a learning opportunity
  • employees gain experience in fixing risk
  • experience practiced turns into habit

6. Instant Security Team Report

  • every employee contributes to overall company security
  • security team instills confidence in their coworkers
  • strong culture of security repels cyber attacks

The current workflow is potentially faster and involves fewer people, but it doesn’t change habits or solve the root problem. HackNotice Team’s workflow uses incidents as teachable moments. The best part: HackNotice automates the traditional process and creates alternative processes involving those affected by breaches and leaks, which results in less work for the security team and fewer repeat incidents.

Build a Culture of Security in your organization with HackNotice