A few days ago, I found an
interesting and dangerous situation that I would like to warn you about.
A company I know well was
under attack from a weakness on their web site. It was a major intrusion
that needed immediate attention.
My issues started when I tried
to contact anyone at the company to warn them about the problem.
I had to go through a “phone
tree” for support. When I finally got a human to answer, and I explained the
nature of the problem, and how it was time sensitive, the response I got was,
"Thanks for the information. Someone will get back to you in a WEEK!
(the people who answered the phone were not IT support!)
What are your support staff
trained to do when an issue is called in? Do you train them and test the
process? Think about the issues if this was ransomware!! How long
would support have waited to call level 2 support? How much data would
your company lose while waiting for a ticket to even get to the proper person ?
TRAIN YOUR STAFF NOW so
that they can handle and respond to risks quickly in an appropriate
manner. Don't become a victim!