Recently, a government organisation emailed a survey to a number of constituents, and the employee who sent it accidentally attached the mailing list, which included personal details of all recipients and enough information to potentially enable identity theft. In this case, simple and avoidable errors were made, leading to reputational damage.
Employee training is at the forefront of combatting errors by employees and reducing the risk of cyber security issues. Evidence shows that in most cases, an organisation’s lack of engagement with cyber security and with appropriate training of staff is a leading cause of these mistakes. To reduce that risk, everyone within the organisation needs to be aware that they are responsible for the information they hold.
Response to a cyber incident is also essential. When an issue or incident arises, an organisation needs to be in front of the situation to mitigate any resulting damage as quickly as possible.
Cyber risk is much more than merely the idea of an external hacker. Organisations need to consider the full gamut of other possible scenarios, from a mistake as simple as sending a mailing list in error right through to a rogue employee deliberately instigating a programme error or creating a system backdoor in order to breach security.
Organisations cannot afford to underestimate their increasing reliance on information technology, and must take proper account of their need for the ongoing availability of those systems and associated data for the organisation’s continued operation.