WEBVTT 00:00:00.000 --> 00:00:06.930 align:middle line:90% 00:00:06.930 --> 00:00:11.870 align:middle line:84% In this video, we're going over employee reporting. 00:00:11.870 --> 00:00:14.000 align:middle line:84% While it's important to have a good training 00:00:14.000 --> 00:00:16.129 align:middle line:84% for our employees, it's also important to have 00:00:16.129 --> 00:00:17.990 align:middle line:84% an effective way for them to communicate 00:00:17.990 --> 00:00:21.900 align:middle line:84% issues and questions that they run into. 00:00:21.900 --> 00:00:24.060 align:middle line:84% We should encourage our users report 00:00:24.060 --> 00:00:29.610 align:middle line:84% to any suspicious activities or questions that he might have. 00:00:29.610 --> 00:00:33.500 align:middle line:84% Now, of course, this can end up being a double-edged sword. 00:00:33.500 --> 00:00:36.550 align:middle line:84% On one hand, our users tend to be on the front lines, 00:00:36.550 --> 00:00:39.670 align:middle line:84% and can quickly report suspicious activities 00:00:39.670 --> 00:00:44.430 align:middle line:84% to us quickly, and also in greater numbers. 00:00:44.430 --> 00:00:47.480 align:middle line:84% After all, our employees tend to outnumber our security staff 00:00:47.480 --> 00:00:50.000 align:middle line:90% and our IT staff. 00:00:50.000 --> 00:00:53.690 align:middle line:84% Now, on the other hand, users may report false positives - 00:00:53.690 --> 00:00:56.960 align:middle line:84% redundant issues, bombard us with questions, 00:00:56.960 --> 00:01:01.180 align:middle line:84% and the influx of information may be overwhelming to us. 00:01:01.180 --> 00:01:04.330 align:middle line:84% If we can make report - if we also make reporting a chore 00:01:04.330 --> 00:01:07.060 align:middle line:84% or confusing, they may not report anything 00:01:07.060 --> 00:01:10.860 align:middle line:84% at all, which is going to be just as bad. 00:01:10.860 --> 00:01:12.770 align:middle line:84% So when it comes to reporting, we 00:01:12.770 --> 00:01:16.520 align:middle line:84% should be taking a few things into consideration. 00:01:16.520 --> 00:01:19.100 align:middle line:84% We want to help train our users on what we'd like 00:01:19.100 --> 00:01:22.060 align:middle line:90% them to keep an eye out for. 00:01:22.060 --> 00:01:25.570 align:middle line:90% We create a FAQ and offer it. 00:01:25.570 --> 00:01:28.450 align:middle line:84% The FAQ can help cut down irrelevant information 00:01:28.450 --> 00:01:30.070 align:middle line:90% or bad intelligence. 00:01:30.070 --> 00:01:32.050 align:middle line:84% This also may take some time to develop 00:01:32.050 --> 00:01:35.020 align:middle line:90% and may be developed over time. 00:01:35.020 --> 00:01:37.925 align:middle line:84% Now, of course, we could take what we already 00:01:37.925 --> 00:01:40.300 align:middle line:84% know, the questions that we'd already be getting, and put 00:01:40.300 --> 00:01:45.700 align:middle line:84% into a FAQ, but the FAQ needs to be quickly accessible and easy 00:01:45.700 --> 00:01:46.310 align:middle line:90% to use. 00:01:46.310 --> 00:01:51.550 align:middle line:84% Now, if we have a 23-page HTML document or Word document, 00:01:51.550 --> 00:01:54.505 align:middle line:84% almost no one is ever going to go through that document 00:01:54.505 --> 00:01:56.750 align:middle line:90% to find what they need to find. 00:01:56.750 --> 00:02:00.280 align:middle line:84% However, if we make a FAQ with a search bar, 00:02:00.280 --> 00:02:05.380 align:middle line:84% or some commonly asked questions in the FAQ, or even 00:02:05.380 --> 00:02:09.279 align:middle line:84% a chat bot - you could setup a very easy chat bot for free 00:02:09.279 --> 00:02:12.130 align:middle line:84% - and that could be a great way for people 00:02:12.130 --> 00:02:15.780 align:middle line:84% to find whatever information they're looking for. 00:02:15.780 --> 00:02:18.680 align:middle line:84% They type in, "What do I do with this?" 00:02:18.680 --> 00:02:22.740 align:middle line:84% And the chat bot will come back with whatever response it is. 00:02:22.740 --> 00:02:24.630 align:middle line:84% Now, of course, as we start getting 00:02:24.630 --> 00:02:26.380 align:middle line:84% more and more information, start dealing 00:02:26.380 --> 00:02:29.400 align:middle line:84% with more issues, of course, this is going to evolve, 00:02:29.400 --> 00:02:32.580 align:middle line:84% and our FAQ needs to evolve with it. 00:02:32.580 --> 00:02:35.220 align:middle line:84% Having an out-of-date FAQ, people 00:02:35.220 --> 00:02:38.880 align:middle line:84% are going to also be less likely to use it. 00:02:38.880 --> 00:02:42.510 align:middle line:84% Now, on the reporting side, we want to make it easy. 00:02:42.510 --> 00:02:46.890 align:middle line:84% Making reporting easy for a user is going to be essential. 00:02:46.890 --> 00:02:49.620 align:middle line:84% We also want to consider offering an anonymous reporting 00:02:49.620 --> 00:02:52.860 align:middle line:84% option for people either embarrassed to report something 00:02:52.860 --> 00:02:55.740 align:middle line:84% or if they're reporting someone else that's potentially 00:02:55.740 --> 00:02:58.920 align:middle line:90% doing something suspicious. 00:02:58.920 --> 00:03:03.390 align:middle line:84% Now, I bring this up, because users, 00:03:03.390 --> 00:03:06.450 align:middle line:84% if it's something embarrassing, an embarrassing question 00:03:06.450 --> 00:03:10.530 align:middle line:84% to them, they may not want to report it or ask 00:03:10.530 --> 00:03:11.550 align:middle line:90% under their own name. 00:03:11.550 --> 00:03:13.513 align:middle line:84% Because, again, it's going to be embarrassing. 00:03:13.513 --> 00:03:15.555 align:middle line:84% People, generally, don't like to be embarrassing. 00:03:15.555 --> 00:03:18.385 align:middle line:84% They don't like feeling stupid, and they're 00:03:18.385 --> 00:03:20.260 align:middle line:84% going to be less likely to ask that question. 00:03:20.260 --> 00:03:22.610 align:middle line:84% And if they don't ask that question, 00:03:22.610 --> 00:03:27.320 align:middle line:84% it's just going to leave that much of a bigger security hole. 00:03:27.320 --> 00:03:31.290 align:middle line:84% Likewise, if someone wants to report someone 00:03:31.290 --> 00:03:33.330 align:middle line:84% or needs to report someone that they suspect 00:03:33.330 --> 00:03:37.090 align:middle line:84% of doing wrongdoing, if they have to use their own name, 00:03:37.090 --> 00:03:40.140 align:middle line:84% they might be less likely to report it, 00:03:40.140 --> 00:03:42.960 align:middle line:84% because they're going to worry about repercussions - 00:03:42.960 --> 00:03:45.060 align:middle line:84% repercussions from either management 00:03:45.060 --> 00:03:47.610 align:middle line:84% or repercussions from that particular employee 00:03:47.610 --> 00:03:49.980 align:middle line:90% that they're reporting. 00:03:49.980 --> 00:03:53.640 align:middle line:84% Now, with that said, we also want to offer a safe reporting 00:03:53.640 --> 00:03:54.342 align:middle line:90% method. 00:03:54.342 --> 00:03:55.550 align:middle line:90% That's going to be essential. 00:03:55.550 --> 00:03:58.830 align:middle line:84% It's advisable not to punish or otherwise demean 00:03:58.830 --> 00:04:02.220 align:middle line:84% people who reported an issue or don't report an issue, 00:04:02.220 --> 00:04:04.570 align:middle line:90% for that matter. 00:04:04.570 --> 00:04:07.740 align:middle line:84% Now, if someone reports to us, OK, I 00:04:07.740 --> 00:04:09.960 align:middle line:84% clicked this phishing email, and I feel really bad, 00:04:09.960 --> 00:04:11.793 align:middle line:84% but I didn't want to bring it up to you guys 00:04:11.793 --> 00:04:13.530 align:middle line:90% - and you say, you idiot. 00:04:13.530 --> 00:04:15.420 align:middle line:84% Why did you click that phishing email? 00:04:15.420 --> 00:04:17.160 align:middle line:90% It's clearly a phishing email. 00:04:17.160 --> 00:04:19.890 align:middle line:90% Why would you ever do this? 00:04:19.890 --> 00:04:24.190 align:middle line:84% Or on the other side, someone reports the phishing email, 00:04:24.190 --> 00:04:25.620 align:middle line:90% you say, OK, great. 00:04:25.620 --> 00:04:26.768 align:middle line:90% Thanks for reporting it. 00:04:26.768 --> 00:04:28.560 align:middle line:84% That's going to go on your permanent record 00:04:28.560 --> 00:04:30.750 align:middle line:90% and your evaluation report. 00:04:30.750 --> 00:04:32.790 align:middle line:84% Threatening people, punishing people, 00:04:32.790 --> 00:04:35.490 align:middle line:84% demeaning people just means that they're 00:04:35.490 --> 00:04:40.800 align:middle line:84% going to be less likely ever to report an issue ever again. 00:04:40.800 --> 00:04:44.010 align:middle line:84% And if people don't report issues, that's bad also. 00:04:44.010 --> 00:04:46.380 align:middle line:84% But instead of punishing them, which 00:04:46.380 --> 00:04:48.960 align:middle line:84% is going to really reinforce never reporting anything ever 00:04:48.960 --> 00:04:52.230 align:middle line:84% again and just do a better job hiding it, 00:04:52.230 --> 00:04:53.290 align:middle line:90% we want to keep it open. 00:04:53.290 --> 00:04:55.410 align:middle line:84% And say, OK, well, yeah, you shouldn't 00:04:55.410 --> 00:04:59.040 align:middle line:84% have clicked that email, but, OK, here's 00:04:59.040 --> 00:05:00.600 align:middle line:90% what we're going to do. 00:05:00.600 --> 00:05:02.190 align:middle line:90% We want to help you get better. 00:05:02.190 --> 00:05:03.900 align:middle line:84% We want to train you a little bit. 00:05:03.900 --> 00:05:06.825 align:middle line:84% You're going to need a little bit more training. 00:05:06.825 --> 00:05:08.700 align:middle line:84% It's not going to go on your permanent record 00:05:08.700 --> 00:05:10.840 align:middle line:90% as something negative. 00:05:10.840 --> 00:05:14.220 align:middle line:84% We just want to help you learn and so this 00:05:14.220 --> 00:05:15.390 align:middle line:90% doesn't happen again. 00:05:15.390 --> 00:05:18.940 align:middle line:84% It's for your protection, and it's for our protection. 00:05:18.940 --> 00:05:24.640 align:middle line:84% Keeping that open, keeping that relationship on a good basis, 00:05:24.640 --> 00:05:25.780 align:middle line:90% is going to be essential. 00:05:25.780 --> 00:05:29.560 align:middle line:84% Because you keep your employees feeling better about things, 00:05:29.560 --> 00:05:32.680 align:middle line:84% you feel better, and they're going to report. 00:05:32.680 --> 00:05:36.210 align:middle line:84% They're going to be more likely to report things that come up. 00:05:36.210 --> 00:05:38.790 align:middle line:84% Now, assigning a person to handle the reporting 00:05:38.790 --> 00:05:41.190 align:middle line:84% is going to help things run smoother. 00:05:41.190 --> 00:05:45.060 align:middle line:84% Versus, if you have just a generic area 00:05:45.060 --> 00:05:46.800 align:middle line:84% where all this is being dumped, someone 00:05:46.800 --> 00:05:49.290 align:middle line:84% checks it maybe once a week, well, that could be a problem. 00:05:49.290 --> 00:05:51.720 align:middle line:84% Because if there's a spear phishing campaign, 00:05:51.720 --> 00:05:54.600 align:middle line:84% it hits your network, that campaign 00:05:54.600 --> 00:05:58.590 align:middle line:84% may have hit your network, and wrapped up, and left, 00:05:58.590 --> 00:06:01.450 align:middle line:84% and they cleared the tracks before you even knew it. 00:06:01.450 --> 00:06:03.300 align:middle line:84% So having someone actually assigned 00:06:03.300 --> 00:06:05.700 align:middle line:84% to help facilitate and handle that 00:06:05.700 --> 00:06:07.830 align:middle line:84% can help things run smoother and keep things 00:06:07.830 --> 00:06:10.980 align:middle line:90% running quicker and more agile. 00:06:10.980 --> 00:06:13.410 align:middle line:84% Now, of course, depending how big your organisation is, 00:06:13.410 --> 00:06:17.050 align:middle line:84% how many reports you get in, having, say, 00:06:17.050 --> 00:06:20.460 align:middle line:84% a security team of three people and an employee base of 10,000 00:06:20.460 --> 00:06:22.920 align:middle line:84% people, you're probably not going to handle all those 00:06:22.920 --> 00:06:23.470 align:middle line:90% requests. 00:06:23.470 --> 00:06:27.360 align:middle line:84% So you may consider outsourcing that. 00:06:27.360 --> 00:06:30.180 align:middle line:84% Now, in wrapping up, users are on the front line. 00:06:30.180 --> 00:06:34.080 align:middle line:84% Training your users can make a big impact on your security. 00:06:34.080 --> 00:06:37.080 align:middle line:84% Making reporting easier and non-threatening 00:06:37.080 --> 00:06:38.940 align:middle line:90% is also going to be important. 00:06:38.940 --> 00:06:41.910 align:middle line:84% Allow a mechanism for people to report issues safely 00:06:41.910 --> 00:06:43.167 align:middle line:90% and easily. 00:06:43.167 --> 00:06:45.000 align:middle line:84% And, of course, training is going to be key. 00:06:45.000 --> 00:06:48.480 align:middle line:84% By having a good training system and communication, 00:06:48.480 --> 00:06:51.390 align:middle line:84% you can cut down the false positive reporting. 00:06:51.390 --> 00:06:52.390 align:middle line:90% Thank you for watching. 00:06:52.390 --> 00:06:54.440 align:middle line:90% I'll see you in the next video. 00:06:54.440 --> 00:06:56.000 align:middle line:90%