User Submission Processes: How To Do It Right
If given a choice between doing something that took a lot of time and effort for what you perceive as very little payoff or just skipping the task altogether, which would you choose? Although we’d all like to think we’d buckle down and do the work, the truth is that most people wouldn’t, particularly if they can’t see the repercussions of not taking action.
That scenario is the situation that most employees face when they are confronted with having to report a potential problem at work. But that doesn’t need to be the case – ever. If you give people the option to do something simply, like report a potential cyber threat, you’ll be activating and empowering your most important cyber-defense system – the employees. On the other hand, if you make reporting or user submission a cumbersome task, you’re putting your company in jeopardy. And, quite frankly, you’re failing at doing cyber security properly.
User Submissions from an Employee Perspective
As a security expert, you may be thinking that asking employees to report potential security threats is no big deal. You might find yourself wondering why they can’t take the time to do it. However, what one person considers easy may not be objectively easy.
How Should Employees Report Security Threats?
At the minimum, your company should have a dedicated email address to which employees can forward potential email scams or other concerns. While that provides employees with a fairly painless submission process, they may not take the time to report the incident right away, leaving security teams in the dark for too long. If someone identifies a potential breach due to visiting a malicious website, reporting the incident via email can get complicated and convoluted. More often than not, the employee will send a message that is missing critical information or filled with irrelevant details because they aren’t sure what is important or required. Any of these scenarios will leave SOC teams more questions than answers.
A better option would be to integrate a product that uses one-click reporting. From an employee perspective, these solutions couldn’t be simpler to use. When processes are quick and straightforward, we all know that people are more likely to follow them. That translates to employees reporting immediately and as frequently as needed.
Looking at this option from a security angle, these products capture all the necessary information and transform it into the format that investigators and analysts need without asking anything extra from the reporting employee. The data is transferred in real-time and reduces the burden on your SOC teams, ultimately speeding up the investigation process and strengthening your security posture.
What to Do After an Employee Reports a Threat
Regardless of whether your company decides to use a dedicated email or a one-click solution, your team may still want to follow up with some additional questions. While they may be able to walk over to their coworker’s desk or shoot off an email, the approach they use is critical. The wrong words or tone may alienate an employee, making future reporting less likely. Make sure your security team knows how to approach the topic with coworkers. They should use language that is free from accusations and makes the employee feel valued for reporting.
Keep in mind that many employees might be fearful that their mistaken email click will lead to punishment or being fired, so security pros should do their best to avoid placing blame. Also, don’t make employees feel like they are being investigated but rather that they are helping the SOC team with their investigation and contributing to the process.
Finally, keep the employee who reported the incident in the loop throughout the investigation. By including them and showing how they have made an impact, you’ll automatically build goodwill, and they will continue to report should another incident occur. If they help stop a potential breach, try to praise them publicly. That message of support and thanks will filter throughout the company, making others feel more secure about reporting potential threats.
With 96% of phishing attacks originating from emails and another 3% from malicious websites, educating employees about the risks is always the first step. You should hold training sessions regularly to review known threats and ensure that every employee knows how to spot scams. Above all, make sure that whichever mechanism you choose for user submissions, the reporting process is as easy as it can be and that every person knows how to go about it. Even the strongest SOC team can’t defend the company alone, so get buy-in from every employee, and you’ll improve your security posture tenfold.