17413 107 Ave NW #100, Edmonton, AB

Balancing a Proactive and Reactive Approach to Cyber Incidents

Decorative (Proactive Reactive Cybersecurity)

The consequences of a cyber incident are undeniable. They can encompass a broad spectrum, such as data breaches and system failures, to malware attacks and phishing scams, all of which can significantly impact productivity, revenue growth, and customer satisfaction. Beyond the immediate visible challenges of restoring systems and data once the incident is over, affected parties also must be informed about potential compromises, presenting a complex scenario to manage. Unfortunately for us, these type of events are inevitable. But that doesn’t mean that your business can’t be prepared for them! Exploring proactive and reactive strategies becomes crucial in addressing such attacks, managing their aftermath, and preventing future incidents.



Proactivity vs Reactivity

Proactive Approach: This strategy involves anticipating potential problems or opportunities and taking action in advance to address them. It emphasizes planning, prevention, and foresight, aiming to mitigate risks before they materialize. A proactive approach is forward-thinking and preventative.

Reactive Approach: This strategy involves responding to events and problems after they occur. It focuses on immediate action to manage and resolve issues as they arise. A reactive approach is responsive and corrective.



Proactive steps to implement:

By taking these proactive steps, you can help protect your business from the devastating consequences of a cyberattack:


1. Routinely update your passwords:

It’s critical to update your passwords regularly to help keep your accounts safe. By updating your passwords every six months, you can help protect your accounts from being hacked.

Here are a few tips on how to create a strong password:

  • Use a mix of upper and lowercase letters, numbers and symbols.
  • Avoid using easily guessable words like your name or birthdate.
  • Use a different password for each account.


2. Use a virtual private network (VPN):

A virtual private network encrypts your company’s data and gives you complete control over who has access to it. This can aid in the prevention of data breaches and the protection of your company’s information. However, make sure to select a reputable provider offering robust security features, as not all VPNs are made equally!


3. Conduct regular security awareness training:

As a responsible business executive, you must ensure that your company’s security awareness training program is comprehensive, engaging and adaptable to new threats. In today’s digital age, this is critical to protect your business.

Take note of the cybersecurity training topics recommended by the Small Business Administration (SBA) for all small businesses:

  • Spotting a phishing email.
  • Using good browsing practices.
  • Avoiding suspicious downloads.
  • Creating strong passwords.
  • Protecting sensitive customer and vendor information.
  • Maintaining good cyber hygiene.


4. Run regular phishing tests:

Phishing is a type of cyberattack that employs deceitful techniques to try and obtain sensitive information from users or cause them to download malicious software. Phishing attacks can be highly sophisticated and challenging to detect, which is why it is essential to periodically test your employees to assess their vulnerability to this type of attack.


5. Use multifactor authentication (MFA):

Multifactor authentication is a security measure that requires your employees to provide more than one form of identification when accessing data, reducing the likelihood of unauthorized data access. This can include something they know (like a password), something they have (like a security token) or something they are (like a fingerprint).



Reactive steps to remember:

The National Institute of Standards and Technology’s (NIST) reactive incident response framework covers the following five phases:


1. Identify:

To develop an effective incident response plan, security risks must be identified. This includes, among other things, threats to your technology systems, data and operations. Understanding these risks allows you to respond to incidents more effectively and reduce the impact of security breaches.


2. Protect:

To protect your company, you need to develop and implement appropriate safeguards. Security measures to guard against threats and steps to ensure the continuity of essential services in the event of an incident are examples of safeguards.


3. Detect:

Detecting anomalies, such as unusual network activity or unauthorized access to sensitive data, are needed to limit the damage and get your systems back up and running faster following an incident.


4. Respond:

A plan to respond to detected cyber incidents is critical. This strategy should include breach containment, investigation and resolution strategies.


5. Recover:

To minimize disruption, you must have a plan to resume normal business operations as soon as possible after an incident.




In managing the complexities of cyber incidents, both proactive and reactive approaches play crucial roles. Proactively implementing measures such as the ones above forms a robust defense against potential threats. These actions not only fortify defenses but also cultivate a culture of security awareness within the organization.

However, acknowledging the inevitability of incidents, reactive strategies are equally vital. The NIST incident response framework emphasizes the importance of swiftly identifying, protecting, detecting, responding to, and recovering from cyber incidents. This structured approach not only helps mitigate immediate damage but also strengthens defenses for the future. While reactive measures are essential for managing incidents as they occur, the true strength lies in proactive preparation. By adopting proactive security measures, businesses can significantly reduce their vulnerability to cyber threats and minimize the potential impact of incidents.

Ultimately, integrating both proactive and reactive strategies ensures a comprehensive approach to cybersecurity, safeguarding against threats while enabling sustainable business operations in an increasingly digital landscape.



Read more about our other projects and applications here!

Like what you see? Follow us on Twitter, or subscribe to our newsletter.

Framewerx Projects
Shopwerx in Acheson, AB
Real-time usage in the field

Our client-facing steel progression web application: Shopwerx, used by one of our client’s workers. 

Client Testimonials
Steve Brittain
Steve Brittain
Municipal Manager, Select Engineering Consultants
Read More
Dan and his team have been able to meet all Select Engineering challenges with minimal disruption to the business; from fast access to corporate resources thanks to our DaaS solution, to collaborating with internal and external parties utilizing our manager VoIP phone system or accessing SaaS solutions using the fully integrated security solutions.
 Daniel Elliot
Daniel Elliot
Operations Lead, Omni-McCann Geoscience
Read More
Framewerx rescued my company from obsolete digital file management and brought us into the 21st century with cloud services in an efficient manner. Kalyn and his team at Framewerx were able to provide solutions for merging two corporate entities with vastly different digital file management and email servers in a seamless manner while providing top quality support during and after the transition to all employees. They provided training so that everyone understood new operating protocols and software changes. Framewerx has been very responsive and has always been keen to work with us to understand our business, IT needs, and financial restrictions. We continue to work with Framewerx for all of our IT, phone system, and data storage needs.
 Karim Mouait
Karim Mouait
Vice President, Cornerstone Insurance Brokers Ltd
Read More
We used Framewerx to transition our traditional office to a virtual one. This included VOIP, call recording, video conferencing, VPN, remote working from home accommodations etc. Dan and his team did a fantastic job. They are extremely responsive and client service oriented.
 Kimberly Maber
Kimberly MaberManaging Partner, Brunsdon Lawrek & Associates
Read More
I have worked with Kalyn and his team for many years. He has readily handled all of our IT needs, from designing our IT strategy to our day to day computing requirements and support. Kalyn takes the time to listen to and understand our needs, delivering cost-effective and innovative IT solutions for our small business. I highly recommend working with Kalyn at Framewerx.
Services we provide

Inventory Management

Inventory Count Tool

Enhance inventory auditing and future reconciliation efforts with a versatile mobile and web-based application.

Fabrication & Progression Management


Efficiently oversee and optimize the fabrication process of steel components, meticulously tracking and managing the progression of fabrication tasks from staging, prep assembly, welding, QAQC, all the way to shipping.