To Err is Human
I am sure you have all read about the security gaffe in the USA where a journalist managed to “hack” a secure messaging system by accidentally being added by a national security advisor to a chat discussing sensitive war plans. This is really the equivalent of having a fancy alarm system and triple locks on the doors at home and then leaving your keys in the door when you go to bed.
This story highlights that in all businesses, the risk of losing critical data or suffering a GDPR breach does not necessarily come from cyber-attacks. In many cases, the users in the business are the biggest risk of data loss. When building a security strategy, many people focus on investing in sophisticated IT solutions as a magic pill to prevent all security issues and do not pay enough attention to the user community. A good security strategy, in addition to using technology to manage risks, also needs to have:
- Clear and well-communicated policies and procedures with annual reviews.
- Frequent security training for the user community and IT teams – there are plenty of good computer-based training solutions to help with this.
- Methods to evaluate the competency of your users, such as email simulations or ethical hacking.
- Ways to drive accountability for security with your users – it is often perceived as an IT issue and not a business issue.
