Imagine a scenario in which one of your employees — Madge in accounting, or Skip in sales, for instance — selects an incorrect option from a drop-down menu and opens your network and data to the world. Working with that set of menu options is part of his daily routine, but for some reason the mouse clicks on the “organizational armageddon” option instead of the “test network security” option. It might be difficult to imagine, but it demonstrates the truth in the old wisdom that you’re only as good as your weakest link. And you don’t need to imagine it, because this scenario played out in Hawaii recently, as reported by The Washington post and others.
Beginning his shift with the routine tests, an employee of the Hawaii Emergency Management Agency broadcast through all appropriate channels that a nuclear attack was imminent and that all Hawaiians should take cover and prepare for a North Korean missile assault. There was no actual threat, as was communicated as soon as possible, but for a short period of time, anxiety ran high and chaos ensued. But it was a mistake.
If This Were An Actual Emergency
No procedures or protocols can ensure that employees won’t make mistakes, but every possible precaution should be taken to limit the organizational exposure as your network and data follow your staff into the world to grow and prosper. And maybe the release of your data into the wild is not analogous with nuclear war, but the chaos that would follow is probably best avoided.
Let ICS take a look at your security practices and protocols, before somebody pushes the wrong button.