Adam Shostack is a recognized leader in the information and cyber security industry and has over twenty years of experience in delivering practical, creative, and effective solutions to a wide range of cyber security and information privacy issues.
What is a "Near Miss"?
A "near miss" is any security or privacy incident that gets identified and corrected before the incident becomes an actual information breach. The best way to handle a "near miss" is to use it as an opportunity to review your security processes and eliminate any gaps in your compliance procedures. The following are three ways to use a "near miss" scenario to mitigate your organization's risk of a data breach.
Identify the Cause
Did an employee misplace his or her laptop that stored sensitive or confidential information? Was there a security vulnerability in your organization's network because of out-of-date software? Were your security rules too cumbersome to really follow? You must determine what caused the near miss by asking "why" repeatedly until you reach the underlying cause.
Review Similar Event Outcomes
After you know all of the details of how the "near miss" happened, you must do further research to ensure it does not happen again. One approach is to find an organization that has had similar "near miss" events and determine how it handled them. This helps you learn and understand what that organization did right, as well as what it did wrong.
Mitigate Future Risks
Once you have thoroughly analyzed the "near miss" event and reviewed how other organizations responded to similar events, it is imperative to implement a plan that will prevent a future "near miss" from turning into an actual breach. This may include additional security training for employees, stricter controls on who may access sensitive or confidential information, and being more vigilant about network and security upgrades.
Adam Shostack cautions that even though an organization cannot eliminate the likelihood of a security incident leading to a data breach, it is critical to have a process for handling serious incidents. Recognizing and treating "near misses" as a learning opportunity is an important strategy for avoiding the accidental compromise of your organization's sensitive and confidential information. Additionally, it will help your organization mitigate the damage if a data breach does occur.