How kidney stones help us think better about implementing security

Sometimes in life we go through very disruptive experiences that make us think about how we can better prepare ourselves. Kidney stones, while small, have that effect. The experiences you have with these can make you think about how to better prepare yourself for future situations, whether they are in life or with security and business continuity.


I learned last Saturday at 5 a.m. what several small pellets can do to disrupt someone’s life. It took three doctor visits, a large number of medications, and a lot of patience to deal with this situation. It was a lot of pain and disruption in between, not only for myself, but for my family.

This is a situation numerous people deal with every day in their personal lives. As our lives evolve to become more digitally integrated, we can also draw on our experiences in information security to help others address situations like this in their personal lives, and vice versa. This is something infinitely more applicable and important to people than talking about just technology.

What are the important takeaways we can apply to both kidney stones and information security?

Don’t wait to deal with it

The second you feel pain and don’t think something is right, you need to do something about it. Instead of thinking that something else is more important because the pain went away, which I initially did, you need to address it at the onset. The same applies for security. If you notice something isn’t right, just because it goes away doesn’t mean that the issue has disappeared. Don’t wait to deal with issues. In security, call the security team the second you see something. It’s easier to deal with an issue when it’s fresh and you remember most/all of the details. Time is your worst enemy in a security incident, like it is for pain.

Don’t be afraid to get a second opinion

The second you still feel pain, even after seeing someone, you need to address it. Instead of waiting for a doctor’s appointment, or thinking that there is stigma from going to an emergency room, you need to go there. There are only a few times that you feel intense pain, and this is one of them. Likewise, if the situation intensifies in security, you need to intensify the response, rather than wait it out. With a kidney stone, you cause yourself a lot of pain and interrupt the lives of your family. With security issues, you cause the business a lot of pain and interrupt the lives of your customers and fellow team members.

Be prepared to have an alternate work location

Due to medical reasons, I wasn’t able to work at my office for most of the week. However, I had a home office set up with everything I needed to work for several days without having to go back there. A few months ago I invested in a PC setup that mirrored a standard desktop PC at my job. Because I had this all set up and ready, I was able to work and interact with the team as much as I normally did, without having to be there. I had tested this regularly throughout the few months I had the PC. In security, you also need to have this kind of setup available in case you are not able to get to the office and work, or if network connectivity does not exist. You need to test yours also, and make sure your business has alternate setups and knows how to use them when the situation arises.

Be prepared to deal with the situation for a while

When you have an issue, you can’t anticipate being back in the office within 1 to 2 days as if this were a small illness. You have to prepare for the possibility that you may not be at 100 percent for several weeks, or that there may be days you will not be available. You have to plan to be at your alternate work location for the foreseeable future, and to make future plans around it. Likewise, in security, when you have an event, you can’t give finite times for being back online. As the situation unfolds, you need to address these issues with your customers, and make sure that every action you take is based upon the assumption that normal business operations will not be in place until they actually are.

Always check with a specialist before resuming normal activities

If you have a situation, make sure you schedule an appointment with a specialist as fast as you can. If you have to go out of your comfort zone to use a physician portal to message someone, do it. This is critical if you want to return to work and start down the path of a somewhat normal return. If you have a security situation and you need to make sure your organization has addressed the issue, there’s no business or social stigma in reaching out to a known subject matter expert with your situation to help address the issue and confirm that it’s OK to resume operations. With a medical situation, it’s your well-being. With a security situation, it’s everyone in your business and your customers.

Follow up and keep following up

When the situation ends, and you are staring at two little pellets that made your life a living hell for a week, don’t just assume it’s over. Take them to be analyzed. Be vigilant about what you eat and drink, and how you live your life. Make the changes needed for a better one for your family and yourself. Listen to your doctors when they tell you what you should and should not do, and be prepared to deal with this again in the future. 

With a security situation, don’t go back to life as normal. Have your Lessons Learned, have your team follow up with changes required, and continually address the issues you discovered through people, processes, and technologies.

Don’t let this be something you eventually forget, because it more than likely will happen again. Make changes at work like you would in your personal life, and make them for the people that depend on you, like you would for your own family.

Copyright © 2018 IDG Communications, Inc.
