At Overtracking, we have developed this protocol with the aim of being able to respond effectively to possible cyber-attacks or computer errors that Overtracking systems may suffer.
Procedure in case of a crash or errors in the system #
- Confirm the fall or that there is an item that is causing the problem.
- Identify the scope of this.
- Communicate the crash or problem to users.
- Recover normal operation of the tool.
- Notify users that the problems have been resolved.
Procedure in case of security breach #
- Confirm that the cyber attack is real.
- Investigate the cause of the security breach. It must be determined through which security breach the attack occurred.
- Repair the vulnerabilities that allowed it.
- Determine the scope and affected systems and information.
- Communicate it to users and competent authorities if necessary
- Write an Email to users in addition to reporting on Twitter
- Report what has happened and the measures we have taken:
- To solve the problems
- To prevent it from happening again
Recovery measures #
In the event of a technical or security incident in Overtracking, the support and communication teams must, according to their roles:
- Restore data on affected systems from the most recent backup.
- Get affected systems up and running as soon as possible.
- Offer assistance to affected users.
- Write to users by email notifying them of the problem, proposing measures to take, and inviting them to get in touch via email or Twitter direct message if they need assistance.
- Post a tweet reporting what happened.
Roles and responsibilities of the different teams #
The Support team is responsible for developing the most secure infrastructure possible that is continually updated. In addition, alerts must be configured to notify the team so that it can implement the action protocol as soon as possible.
The Media team is responsible for notifying users of the problem that has occurred and its scope once it has been determined, as well as communicating when the problem has been solved.
This protocol is subject to regular testing and updates to ensure it is effective.