Most reportable data breaches are a result of human error. By focusing on understanding online human behaviour and an organisations culture, Mazars can help you to design engaging and practical cyber policies, deliver education and implement effective work practices that reduce cyber risk.
Why is human behaviour a threat to cyber security?
Organisations face a wide range of cyber threats from hackers, disgruntled staff members and individuals who are often unaware of how their risky online behaviour could result in a costly compromise of customer, staff or company information.
Examples of human cyber risks include (but are not limited to):
Clicking on links or attachments in suspicious scam or phishing emails; or
Accidentally sending personal data via email to the wrong person
Hackers are well aware of human vulnerability and use clever phishing tactics to trick people into helping them obtain unauthorised access to company systems and information and no industry is immune from cyber attacks.
Lack of investment in cyber security policies, training and awareness
Organisations tend to invest resources in security technical measures (e.g. firewalls, patching, vulnerability scanning, anti-virus software and penetration testing, etc) to protect critical assets, but often overlook the importance of implementing effective organisational measures (policies, awareness and training). This is evident through:
Policies: No cyber company policy exists or has been published. If a cyber policy exists it’s overly technical, out-of-date and difficult for staff to understand
Training and awareness: Staff have not been trained or tested on their understanding of the cyber policy, external cyber threats and risks; and
Roles and responsibilities: In the event of a data breach, senior management or staff members may not be clear on their role in following incident response procedures
How can Mazars help you drive the necessary change?
Case study - Security culture for Chill Insurance
Sarah Hipkin Head of Technology Consulting - Dublin
Organisations must develop a cyber strategy and culture that considers the human element if they are to minimise the associated financial, legal and reputational consequences of potential security breaches, writes Sarah Hipkin.
It has been almost three years since the GDPR came fully into force, and it feels like we have achieved a lot. Still, the challenges of greater digitisation coupled with increased awareness of the topic by people have resulted in no easing of the workload for organisations and data protection teams.