• United States




In the event of an emergency, you will be prepared

Apr 07, 20164 mins
Data and Information SecurityDisaster RecoveryDLP Software

Preparedness drills for physical safety are commonplace. Why not begin doing the same for digital safety?

disaster recovery knob
Credit: Thinkstock

They say practice makes perfect – that you must do something a thousand times before it becomes truly natural. People seem to get this idea when it comes to physical safety in schools and workplaces, where it’s perfectly normal to have regularly scheduled drills for nuclear attacks, fire, earthquakes, lockdowns and even a zombie invasion. Computer security events are arguably much more common occurrences – most of us have probably seen a malicious email “in the wild” whether we were aware of it or not – and yet computer safety drills are rare.

What would a computer safety drill look like?

As computer safety drills are still just a concept, what on earth would one even entail? Consider the following text from a fire-safety manual:

“The primary reason for conducting office-building fire drills is to educate building occupants about the procedures to follow in the event of a fire. These drills provide an opportunity for occupants to locate and use primary and alternative exit routes, and to familiarize themselves with any alarm system components found on their floor such as manual pull boxes and warden phones. Fire drills are the time to not only prepare for fire, but to enable employees to be better able to handle the many other non-fire situations they may encounter.”

With this in mind, what events could you practice to better prepare for a computer security emergency? The first thing that comes to my mind would be a breach drill and the variety of questions that must be answered in this emergency situation:

  • What are the proper procedures that need to be followed in order to respond thoroughly and promptly in the event of a breach?
  • What are the most important components of your breach response?
  • Do you have primary and alternative contacts or processes?
  • Do you have a template or other prepared text to notify affected parties? 

Prepare for all scenarios

Similarly, you should also have drills to prepare for malware, natural disaster, or power grid events taking out computer systems:

  • Are there certain people who need to be notified first, or who need more detailed information?
  • What systems should be put into action in case your computers aren’t operational? (For instance, how will you process customer payments or handle employee scheduling and payroll?)

Consider how much time could be saved in those instances if employees didn’t have to scramble to find and remember how to use unfamiliar, and potentially ancient, procedures. Having been part of a malware emergency response group, I can imagine how much less exhausting outbreaks would have been if we’d been able to practice the necessary steps first, and repeat them until they became comfortable.

Drills could also be useful in instances where you need vigilant employee actions less urgently, but where the right course of action may be less than intuitive:

  • What do you do if you receive an email or phone call that you suspect is trying to socially engineer you into revealing sensitive information?
  • What do you do if you find a thumb drive or other removable media unattended?
  • What do you do if you realize you’ve lost a device or drive with work-related data on it?
  • Who can you contact to verify or report the contents of a suspicious message?

Practice makes perfect

Safety drills are an effective way to prepare people to perform prescribed actions in instances where they might be too panicked or anxious to think rationally. Making it through a breach or a computer outage certainly involves less threat to life and limb, but it can be seriously stressful in its own way.

Tactics like social engineering are often designed to frighten people into revealing important data; if employees have practiced the appropriate actions regularly, they will take correct action faster and more efficiently – mitigating the effects of a breach before it gets out of hand.


Lysa Myers began her tenure in malware research labs in the weeks before the Melissa virus outbreak in 1999. She has watched both the malware landscape and the security technologies used to prevent threats from growing and changing dramatically. Because keeping up with all this change can be difficult for even the most tech-savvy users, she enjoys explaining security issues in an approachable manner for companies and consumers alike. Over the years, Myers has worked both within antivirus research labs, finding and analyzing new malware, and within the third-party testing industry to evaluate the effectiveness of security products. As a security researcher for ESET, she focuses on providing practical analysis and advice of security trends and events.

The opinions expressed in this blog are those of Lysa Myers and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.