
Explain IT: Season 1, Episode 6 - Dealing with an IT Security Incident

Six steps to follow when you experience a security incident or breach on your network


In this episode, Mark Overton, Softcat's Information Security Officer, Adrian Richings, Softcat's SIEM lead, and Adam Louca, Softcat's Chief Technologist for security, join host Michael Bird to play out a security incident scenario. Together they follow a path through six steps to demonstrate the best way to deal with a breach or other security incident on your network, explaining the real-life stumbling blocks and outlining the best way to prepare for an incident.

  • Preparing for a security breach is important. Having a strong and easy-to-follow plan, agreed with key stakeholders, can make the process much easier and more straightforward should a breach occur.
  • Having the right security culture is important – your users should know what to do and who to contact should they suspect a security incident. ‘Champion users’ within the organisation are a good way to help all users validate any suspected security incident.
  • You may consider your network to be watertight, but there will always be weak spots, such as Multi-Factor Authentication (MFA) not being applied on the ActiveSync channel. This leaves it vulnerable to phishing emails.
  • There are six steps to dealing with a security incident – discovery, verification, analysis, response, reporting and review – these are covered in detail in the podcast.
  • A post-incident review is key to identifying the successes and areas for improvement, and also to recognising those who worked to rectify the problem.
  • The new GDPR guidelines require a report of any breach within 72 hours of discovery. This comes after the ‘verification’ step of the process and should include timely updates to the ICO as the incident progresses.


