NOTE: This is a repost of something I initially posted to LinkedIn. I will be consolidating a number of older posts to my blog in the near future. Enjoy.
Have you ever seen someone make a bad decision in traffic, perhaps not paying attention while changing lanes or something similar, avoid an accident, then make up for it by driving like an idiot afterword? Often times this involves speeding up, weaving in and out of traffic and other less-than-careful maneuvers.
I see this happen a lot in my commute in the Florida traffic and often wonder why we as humans, after escaping or recovering from potential disaster, seem to recover by exhibiting even more risky behavior. Full disclosure here, I have been in these shoes myself and looked back at things wonder what I was thinking.
In my IT career I have seen this same phenomenon happen in incident response situations. A mistake is made during the response, and the individual overcompensates and makes poor decisions moving forward. The more the rope unravels, the worse things get.
Ransomware and CEO Fraud (aka Business Email Compromise or BEC) are certainly key concerns in today’s risk landscape. While preventing the incidents through user training is a core competency of my company and a proven method of defense, sometimes a person will accidentally click on the wrong thing. If this does happen, it is important to remain calm and not make the mistake of overcompensating. So what can you do to keep calm in these situations?
First, have a plan. If you make a plan when you are calm, it can keep you from missing steps or overlooking simple things. This plan should identify the risks and include preventative measures, like Security Awareness Training for phishing attacks, and actions in case things do happen.
Second is to have a plan for when you don’t have a plan. There will be times when the unexpected happens and you have not planned for it. The plan can be as simple as reminding yourself to calm down and assess the situation rationally, but should be written down somewhere as part of the process prior to the moment of panic.
Third, communicate clearly with others using as many facts as you can and make it clear when there are assumptions on the table. Your credibility is key to allowing leadership and your team to make correct decisions. It’s OK to mention theories, but make sure the audience knows it is just a theory until it can be proved. Don’t be the source of panic, but instead the voice of reason. This will help your entire team function better and keep you from recovering from one mistake just to make another one.
Keep these things in mind and you can keep cruising moving along in the fast lane.
Erich Kron is the Security Awareness Advocate at KnowBe4, and has over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the 2nd Regional Cyber Center-Western Hemisphere.