Cyber Behaviour and Culture

Most reportable data breaches are a result of human error. By focusing on understanding online human behaviour and an organisations culture, Mazars can help you to design engaging and practical cyber policies, deliver education and implement effective work practices that reduce cyber risk.

Why is human behavior a threat to cyber security?

Organisations face a wide range of cyber threats from hackers, disgruntled staff members and individuals who are often unaware of how their risky online behaviour could result in a costly compromise of customer, staff or company information.

Examples of human cyber risks include (but are not limited to):

  • Clicking on links or attachments in suspicious scam or phishing emails; or
  • Accidentally sending personal data via email to the wrong person.

Hackers are well aware of the human vulnerability and use clever phishing tactics to trick people into helping them obtain unauthorised access to company systems and information and no industry is immune from cyber attacks.

Lack of investment in cyber security policies, training and awareness is the issue

Organisations tend to invest resources in security technical measures (e.g. firewalls, patching, vulnerability scanning, anti-virus software and penetration testing, etc) to protect critical assets, but often overlook the importance of implementing effective organisational measures (policies, awareness and training).
This is evident through:

  1. Policies: No cyber company policy exists or has been published. If a cyber policy exists it’s overly technical, out-of-date and difficult for staff to understand;
  2. Training and awareness: Staff have not been trained or tested on their understanding of the cyber policy, external cyber threats and risks; and
  3. Roles and responsibilities: In the event of a data breach, senior management or staff members may not be clear on their role in following incident response procedures.

How can Mazars help you drive the necessary change?

Cyber culture maturity assessment

Conducting cyber organisational culture maturity assessment. Informing strategy and plan including prioritisation of fit for purpose program solutions.

Phishing Training

Tailoring and using real email phishing threats to an organisation. Selecting Staff to test and providing immediate teachable moments to reinforce expected behaviours.

Cyber Champions

Establishing a cross-functional working group to identify cyber human risks, building awareness and driving a cyber conscious workforce at the grass roots of an organisation.

Incident Response

Preparing well-defined, organised approach for handling any potential threat via an Incident Response Plan. Delivering role play data breach simulations to test organisations readiness.

Cyber Policy

Developing and launching creative and visually appealing cyber policies, in conjunction with the business departments.

Cyber Awareness

Sequencing cyber awareness activities based on risk and 
theme such as; town hall events, lunch and learns, poster campaigns, quizzes, videos, and visible senior leadership engagement.

Cyber Training

Tailoring learning modules to reflect an organisation’s cyber policies and procedures. Delivering role based training enabling staff to work through interactive modules to reinforce learnings.

Cyber Metrics and Reporting

Monitoring and reporting on program effectiveness.

Want to know more?

Related

Code barre 1086X202.jpg

Decision Support & Financial Modelling

Business management’s performance is judged on the quality of its decisions, and their subsequent execution. Resultant performance can be seriously undermined where decisions are made:

bonhomme_1086x202.jpg

Business Process Improvement

An organisation's overall effectiveness is intrinsically linked to the efficiency of its business operations or processes. As your organisation develops and changes, you need to ensure that operations are carried out in a manner that is driven by the business needs of the organisation and that they are fit for purpose with respect to design, efficiency and effectiveness.

Untitled-1 copy.jpg

2018 Summary Of DPO Annual Report

It is the first annual report produced by the Data Protection Commission (DPC) following the introduction of the General Data Protection Regulation (GDPR) on 25 May 2018 and Helen Dixon gives us a useful insight into the ever-increasing public awareness of the importance of data protection and, consequently, provides an insight into the expanded and central role that the Data Protection Commission will play in Ireland.