SOLWorld

Sharing and building Solution Focused practice in organisations

I work for a company where we are trying to implement SF methods. Here is our story.

We are a small company with around fifty office workers. Several months ago our computer systems were breached by an advanced ransom Trojan like Osiris. It encrypted our client’s database and many other important documents. That was a big blow for us. We had to pause most of our business processes to deal with that ransomware attack. We started to disinfect our computers and restore data from backups. IT guys did their best, but due to some technical glitches, our backups got spoiled. We were not able to restore our files. That could ruin our business. Top managers decided to pay the ransom. Eventually, hackers sent the decryption key, and we could decrypt 95% of files.

This was an eye-opening experience. That case showed how quickly our business could be destroyed. Although we had up-to-date antivirus software and other infosec precautions, the virus still managed to penetrate our systems.

Some of our managers visited SF seminars and suggested applying new methods to prevent future cyber-attacks.

So, we started to ask ourselves questions like: what do we want? We found that we want to be safe from all computer viruses and ransomware in particular. Our computer networks should be better protected by technical means, and our employees should become an additional cyber-defense line.

Evaluating our position on the success scale, we found some positive indicators. Our computers and systems were protected relatively well. All software programs were regularly updated. Antivirus flagged rare viruses. Workers did not spend time surfing the dark sides of the Internet, even social networks were forbidden.

To choose an optimal solution, we knew that we should consider and evaluate all possible measures and ways. We saw that to achieve our goals we should start moving in two main directions.

First – to enhance the security of our computers by adopting more complex and sophisticated virus detection mechanisms. Second – run a security training program for our users. We decided to break both approaches into smaller parts.

One of the best and widely used methods to strengthen your cyber security is to buy, set up and tune complex endpoint security solutions that should include intrusion prevention modules and many other additional systems. This is a great approach, but it is not cheap, it requires time and human resources to set up and tune it.

We wanted to find something that we already have, something that can be done quickly by taking small steps. We set this task to our IT team. Studying the matter, they began to come up with simple solutions. It is not necessary to enumerate them all here, but you should know that Microsoft systems offer plenty of ways that allow you to enhance your virus protection. You can:

Turn off Macros and ActiveX

Disable Volume Shadow Copy Service

Disable Windows Script Host

Disable Windows PowerShell

Define Software Restriction Policies

Again, it is just a small example of what can be done to Windows systems that you already have. You should start to evaluate which of these controls you do not need in your daily business routine work, turn them off one by one and gradually increase your protection. It is simple, it is cheap, and it proved to be working. Many virus authors rely on default Windows settings, so tweaking some of them may substantially increase your security posture.

Another vector of our efforts had to do with our users, workers who click on links and surf the web. We wanted them to be prepared for virus attacks and know what to do in case online breaches happen. We probed theoretical courses of security awareness. We could not measure the success of those training sessions. We wanted something more practical, hands-on type.

And we came up with one simple and great technique. We wanted our users to quickly identify and stay away from viruses. We decided to deliberately put them into the risky environment. We informed our users that we are going to send fake phishing emails and instant messages to all workers and they should identify and report those malicious messages. Every week three workers would receive monetary prizes for being the most effective in identifying viruses.

It turned into a game which quickly paid off. During the first week, several threats reported by our employees were real-world viruses and not the fake ones sent by our IT staff. We constantly measured this phishing click-through rate. It was 35% in the beginning. Now it is 75% and growing.  

For now, we are making our first tiny steps implementing solution focused approaches in our company. We want to rebuild all our business processes to better serve our clients. We started applying SF in cyber security. We identified several ways to achieve our goal, broke them into small but effective steps which started to move things forward. Now we see that it is working and bringing positive changes. We want to move on and extrapolate SF to other spheres of our business.
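The Windows settings listed in the post can be checked before and after each small step. The following read-only PowerShell audit is an added example, not part of the original post; the Office policy version `16.0`, the Temp-path match and the helper names `Get-RegValue` and `Add-Finding` are assumptions for illustration.

```powershell
# Read-only audit: reports current state, changes nothing.
# Assumptions (not from the post): Office 2016+ policy hive "16.0", machine-wide SRP.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, i.e. the setting is not configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$report = [System.Collections.Generic.List[object]]::new()
function Add-Finding {
    param([string]$Control, [string]$State, [string]$Detail)
    $report.Add([pscustomobject]@{ Control = $Control; State = $State; Detail = $Detail })
}

# Windows Script Host: Enabled=0 blocks wscript.exe/cscript.exe from running scripts.
$wsh = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' 'Enabled'
$state = if ("$wsh" -eq '0') { 'Disabled' } else { 'Enabled (default)' }
Add-Finding 'Windows Script Host' $state "Enabled=$wsh"

# Office macros: VBAWarnings policy value per application.
$meaning = @{ 1 = 'all macros enabled'; 2 = 'disabled with notification'
              3 = 'only signed macros run'; 4 = 'disabled without notification' }
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $v = Get-RegValue "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security" 'VBAWarnings'
    $detail = if ($null -eq $v) { 'not set by policy' } else { $meaning[[int]$v] }
    Add-Finding "Office macros ($app)" "VBAWarnings=$v" $detail
}

# Software Restriction Policies: DefaultLevel 0 = Disallowed, 262144 = Unrestricted.
# Subkey "0\Paths" holds the Disallowed path rules; look for ones covering Temp folders.
$srp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
if (Test-Path $srp) {
    $level = Get-RegValue $srp 'DefaultLevel'
    $rules = @(Get-ChildItem "$srp\0\Paths" -ErrorAction SilentlyContinue |
        ForEach-Object { Get-RegValue $_.PSPath 'ItemData' })
    $temp = @($rules | Where-Object { $_ -match 'te?mp' })
    Add-Finding 'SRP' "DefaultLevel=$level" "$($rules.Count) deny rules, $($temp.Count) on Temp paths"
} else {
    Add-Finding 'SRP' 'Not configured' 'no CodeIdentifiers policy key'
}

# Volume Shadow Copy: a disabled VSS also removes local restore points and breaks
# backup tools that snapshot through it, so record the state explicitly.
$vss = Get-Service -Name VSS -ErrorAction SilentlyContinue
if ($vss) { Add-Finding 'Volume Shadow Copy' "$($vss.StartType)" "Status=$($vss.Status)" }

$report | Format-Table -AutoSize
```

Running it on a sample of workstations after each change gives a record of which controls are actually in force, rather than which were intended.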


Comment by Jim Nanireko on December 14, 2016 at 14:04

We understand we are beginners in SF. We have tried to apply SF to a very narrow sphere of our life this time. To summarize how we moved:

1) We imagined our ideal future where we do not face any malware threats and our computers stay safe from viruses for years.
2) We want to achieve our goal by changing:
• Changing our technical infrastructure.
• Changing our workers. Every employee should feel responsible for cyber-security and constantly work to improve it.
3) Analyzing our positive experience, resources, and strong sides, we found:
• We have already implemented several simple tech measures that reduced the risk of virus attacks (spam filtering, server segmentation, etc.)
• Some of our workers already report virus attacks, which helps us a lot to contain viruses and patch vulnerabilities.
4) Based on the previous success we started doing small steps forward:
• We started to study and carefully implement additional security features already built into Windows.
• We introduced several theoretical security sessions and described what we want to achieve and how. We started to send fake viruses to our workers to train all of them to identify and report viruses. For workers to be willing to develop security skills faster, we introduced prizes.
5) We monitor and measure our achievement:
• For example, 33% of missed viruses failed to launch as we disallowed all software to run from Temp folders
• Our workers started to compete and report all suspicious phishing emails. Email delivered infections almost zeroed. People realized that what they do has an impact on others and that this work made each of them valuable members of our team (company)
