Chat Ops
Communication Plan
Introduce your company to chat operations
It’s a great idea to be sensitive to deploying anything that communicates with your workforce about security issues to avoid confusion or concern that Wirespeed ChatOps is unsafe and actually a bad guy.
Here are some options that you have to do this:
Onboarding Group
Underneath the chat ops settings, you can enable an onboarding group. This will allow you to select what users you want to receive chat ops messages. We will only interact with these users while you are in the onboarding phase. You can search for users in bulk and select the add or remove buttons at the bottom of the dialog to add all matches, or select the 3-dot menu on each user to add or remove them.On First Use Messages
Enabled by default, the “On First Use” messages give a short explanation about what Wirespeed is, like this:Wirespeed is an application that keeps your company safe from hackers by occasionally asking you questions about you and your coworker’s activities. You can learn more about us here https://wirespeed.co and ask your security team for more information.You may disable this message by selecting the Trash icon next to the text field.
Account Locked Messages
When a user’s account is locked in response to an actionable detection, they will receive a message like this:Suspicious activity has been detected for your account which has caused us to reset your password and log you out of all active sessions. To regain access, please follow your company’s password reset instructions.This message is required but may be customized underneath Settings > Chat Ops. It is recommended to add a link to your password reset instructions.
Initial Rate Limiting
It’s best to rollout new functionality in stages, to minimize any issues or confusion. Wirespeed allows you to set a limit on the number of chat ops messages per day, so you can introduce it in small chunks to your organization. Escalations to your security team are not subject to these rate limits.Preemptive Rollout Messaging
It’s also a good idea to send an organization-wide message about rolling out Wirespeed, using the normal communication channels they would expect to see important updates, such as an organization-wide chat channel or official email address responsible for security or tech changes. Here’s an example template you could start from:Hi Team, This is a quick note to let you know that we have started using a cybersecurity monitoring app called Wirespeed which will occasionally message you asking you questions about your online activity, such as logging in from unusual locations. To the best of your ability, please answer any questions from the app so we can all make sure to keep our organization safe from hackers and ransomware. Wirespeed’s goal is to be painless and only ask you when it matters. Please also note that Wirespeed will never ask you for sensitive information, like your password, bank account, or government ID numbers! A screenshot of an example Wirespeed message is below. Thanks and please let us know if you have any questions! - Security Team
Examples
Below are examples of what the user will receive in Slack, Microsoft Teams, Email, and SMS.Initial Message
We will initially message the user through all available communication channels. Email, Slack, and SMS will redirect them to our website and go through the chat ops steps. Microsoft Teams will stay in app and display the chat ops steps in an iframe.Chat Ops Steps
The user (or their manager) will receive a message with a brief summary of the security alert. If they select no, their account and endpoint will be locked, and they will be told to contact their IT department to unlock it. If they select yes, they will continue to step 2.