Home » Blog » May 2022 News & Tips | Incident Response Plans
Welcome back to the TCE Strategy monthly technology and cybersecurity newsletter! The mission of this publication is to cut through the clutter of cybersecurity news stories and provide you with the most important, relevant and actionable cybersecurity information.
If this newsletter adds value, fantastic! That is the goal. Please forward it on to friends/colleagues. If not, no hard feelings. Please look to the bottom for an easy to click "unsubscribe" button.
The banging on the door was surprisingly loud for a place well-known for having small children stay there. Even the toilet seats had a “kiddie” fold-down section so that toddlers don’t fall in. This was the 2nd night of a two-night stay, and I had paid in advance. I quickly glanced at the clock and saw that it was 10:30PM. Who would be banging on my hotel room door at this hour? My kids were fast asleep, and my wife and I had been as well.
I threw a few clothes on and answered the door. A woman in a fluorescent yellow jacket let me know that the hotel was closing due to electrical issues. I was told to pack immediately and walk with my luggage around 1000 feet to a nearby hotel on the property to “discuss my options”.
I won’t name the property in question, other than to say that there were a lot of bricks involved.
I asked my better half to start packing up our things while I figured out what was going on. I looked at my phone, and I did find two text messages that were sent after we went to sleep from the brick-loving hotel stating that they were having electrical issues and that “things weren’t looking good,” but no one ever called the hotel phone to alert us. Those text messages did not tell us what our new hotel room would be, nor where that new hotel was located. Those text messages did not state that we were required to leave the property that night and that no transportation would be offered. Thankfully, I had a rental car. Those text messages did say to collect our belongings and carry them the 1000 feet to the new hotel, which I chose to ignore until I understood the situation, as we had three suitcases and there was only one of me.
After walking over to the neighboring hotel, I was greeted by a line of well over 50 people in the same situation. Only two people were working the hotel counter, and there were enough shouts of profanities to make a sailor blush. Apparently the hotel I had walked to was already full, and the people waiting in the over-50-people-deep crisscrossing line were being told that they had to find their own way to a Sheraton 3 miles away. No transportation was being provided. No compensation was being offered. Although our brick-themed hotel rooms were sold to us at a truly exorbitant price, when there are “power issues,” the premium paid for those rooms evaporated, at least as far as the hotel operators were concerned.
I sized up the situation – my wife and kids were waiting for me. This line was going to be well over an hour, and the atmosphere of the people waiting in the queue was reminiscent of the scene from the movie Airplane! where passengers were trying to calm down the hysterical passenger on the plane. I decided to call another hotel in the area that I had stayed at recently, spoke with an extremely helpful woman who got us a room, and then called my wife to let her know that we were going to take our family and our belongings there. We packed up the kids and left. I want to give a shout-out to this hotel because we had such a good experience with them: West Inn & Suites, 4970 Avenida Encinas, Carlsbad, CA 92008, USA.
There is so much to unpack here, literally and figuratively… This brick-loving establishment’s lack of an incident response plan was stunning. They simply didn’t have good procedures to handle the need for an evacuation of their hotel. They were understaffed, they were undertrained, and their customers (read: my family) paid the price for it. Here is the text they could have sent us if they had a real incident response plan: “Our hotel must be evacuated this evening. Your new hotel is XXX and your room number is YYY. Please head to the front lobby to be picked up by the shuttle buses we have arranged in case you do not have your own transportation. Bring your ID so that we can provide new room keys to you for room YYY. We sincerely apologize for the inconvenience this has caused, but the electrical issues are out of our control.” That would have led to a completely different experience for myself and my family. That would have been an example I would tell my kids about how well this brick-loving resort cares for its customers, and that bad things happen sometimes, but the way you handle the bad things defines the experience much more than the bad thing itself. Instead, we were kicked out of a resort hotel in the middle of the night by a bunch of staff that didn’t have a clue what to do with us.
As we were leaving, I let one of the fluorescent-yellow-jacket staff know that we were checking out and handed them my room keys. He took my room number, said that they would be happy to refund my money for this evening, and apologized for the situation, which was nice of him. After a few weeks, there was no refund. There was no follow-up by the brick-loving resort. So, I called my credit card company and disputed 50% of this 2-night stay (which was over $700 per night). I won the dispute.
This company had an opportunity to turn a negative into a positive. If they had handled this problem with a coherent plan and a can-do attitude, it might have made my family more loyal to the resort chain in question. Instead, they botched this incident response in nearly Equifax-sized proportions. We will not be staying there again.
Your organization has the opportunity to develop an incident response plan, a disaster recovery plan, and a business continuity plan that will outline the broad strokes you will take when things go sideways. A strong response to a bad situation can improve the loyalty your customers have to you. A mediocre response (or in this case, a terrible response) to a bad situation can put your company on your customers’ “do not do business with them ever again” list, and that’s not a list you want your company to be on.
Until next month, stay safe!
Upcoming Speaking Events
Live events are back in action! Here is a list of the cities that I will be in for 2022. Please feel free to reach out if you have an event in mind.
May 17th-19th, Huntsville, AL
June 9th-12th, Fayette, IA
June 14th-21st, San Francisco, CA
August 4th-10th, Kauai and Honolulu, HI
Do you ever wonder which patches are the most important to put in? This list of the most often exploited vulnerabilities from 2021 is a terrific place to start.
Hats off to Vice for a well balanced article. Yes, this is interesting and concerning, but "it’s important to note, though, that this research is at this point mostly theoretical and there’s no evidence that this kind of attack has been used in the wild."
Do you want your phone number, email address or home address to NOT be searchable by Google? There is a way to do that now.
From Facebook on data privacy: “We can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’ And yet, this is exactly what regulators expect us to do.”
Cybersecurity Tip of the Month
Lock Screen Settings
Working from the office again? Spending more time working in your favorite coffee shop? Here are some tips for good practices around securing your devices with your lock screen. Consider locking your workstation whenever you are going to be away from it—there are keyboard shortcuts to do this quickly on both Macs and Windows computers and the time it takes to log back in is well worth the added layer of security.
-Windows: There are a couple quick and easy ways to lock Windows using your keyboard. You can press the Ctrl+Alt+Del keys together. A screen of options should appear. When it does, click “Lock”. An even quicker way to lock your screen is to press the Windows and L keys at the same time. Your computer should lock instantly. Some other things to enable are facial recognition (if possible on your computer), a strong 6-digit pin, strong password for logging in, and a setting to lock after a certain period of inactivity. If your Windows computer has facial recognition, you can also set it to automatically lock when you walk away.
-Mac: First, it’s a good idea to check your settings and ensure your Mac requires a password immediately after entering sleep or screensaver mode. You can quickly lock your screen with the shortcut CTRL+CMD+Q (be careful not to press CMD+Q as this will shut down the application you are using which could be a problem if you have unsaved work). You can also quickly go to the Apple menu and click Lock. As with Windows, enabling facial recognition, a strong 6-digit pin, strong password, and setting your Mac to lock after a certain period of inactivity help provide additional security.
-iPhone/iPad: iPhones and iPads can easily and quickly be locked using the lock button located on the right side or top of the device. Again, be sure to enable facial recognition or Touch ID if these features are present on your device and have a strong 6-digit pin for logging in. Also check your settings so that auto-lock is enabled after a few minutes of inactivity.