What is a critical alert?
A critical alert is typically an alert placed at a higher priority level than an alert that comes into the service desk because, for example, someone forgot their password.
How OnPage prioritizes critical alerts:
A high priority message triggers a loud, intrusive, hard to ignore Alert-Until-Read tone. OnPage alerts mimic the pager urgency but also enables a rich, full text message with voice or picture attachments. Designed for critical, time-sensitive situations, the OnPage alert assures the sender that the message has reached its destination and was read. A good use of the High Priority feature is to use it for time-sensitive messaging, urgent messaging, medical emergencies, and critical alerts coming in from monitoring tools.
Low priority alerting
Low Priority Messaging can be regarded as continuous messaging, with replies that go back and forth. Unlike other casual messaging apps, however, users can track the messages that are being sent. Users have the ability to see when the messages is SENT, RECEIVED, and READ. Every reply appears as a new message in your inbox, accompanied by the Alert Tone. Our customers use Low Priority messaging for non-urgent messaging, casual communications, practice updates and non-critical status updates. If you send a Low Priority Message:
- The recipient will not receive the persistent alert tone
- The recipient will not get the big red exclamation mark that signifies High Priority
- The recipient will be able to send back a reply. The sender will know that it is a message.
Critical alerts are reserved for severe issues like complete system failure or an attack. here are some examples:
- In 2015, nearly 300 million records were leaked and over $1 billion stolen
- Last year, 2500 cases of ransomware occurred and cost $24 million in the US alone
- Companies saw an average of 160 successful cyberattacks per week last year
- Kaspersky Lab reports that the average direct costs of a security breach on a small business is $38,000. This total includes the costs of downtime, lost business opportunities and the professional services small businesses hire to mitigate the security breach.
- Reports show that when a breach occurs, it’s often because an employee left the gate unlatched. Inside employees are the largest culprit of security breaches
To handle the breadth and impact of these incidents, IT centers develop robust policies to handle these situations. The companies develop playbooks and procedures. Yet when an inside employee enables an attack and the breach occurs, rather than receiving a persistent and immediate alert, the on-call engineer simply receives an email or a phone call. Maybe they also get a text. How well do you think an alert through one of these channels performs in getting the attention of the on-call engineer?
Using critical alerts and playbooks
If an IT center or office has intelligently designed their principle of least privilege (POLP) whereby they provide only the access an individual needs to perform their job, the organization will have a strong sense of what privileges are enabled and who has what access. The organization will also have a strong knowledge of what is considered normal and what is considered anomalous behavior on their network.
POLP enables preemption of both malicious and accidental breaches by narrowing the list of possible points of exploitation –which in turn narrows the list of possible users that might be suspected or held accountable. When an alert does occur because someone has improperly accessed a point on the network, OnPage will allow officials to recognize critical situations in real time.
Critical alerting enables:
- Persistent alerting
- Alerting of the right individual rather than alerting to the whole team
- Escalation when the primary responder is not available
- Insight into the site and exact nature of the breach
- Audit trails to enable follow up on response time
IT staff need a robust database which enables them to:
- Articulate normal operating parameters and what constitutes anomalies
- Identify the nature of the alert
- Understand network baselines and how to handle situations that deviate from it
- Identify roles and responsibilities within the organization and what must be done when anomalies are detected
- Include contact information
- Design eradication and recovery procedures
- Conduct a post mortem when events occur
Measure, evaluate and update
After the attack has been alerted to and resolved, it is important to implement a post-mortem to review how well the team performed. As part of the post-mortem, teams should look at how long it took them to recognize the attack; how long it took them to alert to the attack; how long it took them to respond to the attack; and how long it took them to resolve the attack. By knowing these metrics, teams can minimize their Mean Time Til Resolution (MTTR).
Additionally, by reviewing MTTR, teams will have a metric by which they can review their response time to other incidents and see what impeded or improved their response time. Only through acknowledging the importance of this metric and bringing it into the IT wheelhouse, can teams respond effectively.
What is Critical Incident Management
Critical Incident Management defines the alignment of company operations, services and functions to manage high priority assets and situations. Any incident that requires a co-ordinated response between multiple teams can be defined as requiring critical incident management. To learn more click here .