What’s your greatest security risk?
Now there’s a question for your board! If you’ve ever asked them, then they might have answered with any of the following:
- “Being unable to trade because somebody downloaded ransomware from a phishing email.”
- “Getting a massive fine under GDPR because somebody left customer data on a train.”
- “Losing valuable IP because somebody allowed a thief to tailgate into the building.”
These are all very real fears that any exec ought to be concerned about – and if they’re not saying these things then they should be! BUT that’s not their greatest security risk.
All of the risks they cited had a person at the heart of it – clicking a link in a phishing email, careless handling of confidential information, failing to challenge a tailgater – and if your exec is on the ball then they’d know that people are central to their security risks and that – with training that focuses on behavioural change and the development of a robust, proactive security culture – those same people can be the security solution.
BUT that’s still not their greatest security risk.
So what is the greatest security risk?
Your board might not want to hear the answer, but until they make a commitment to allocate budget to practical staff security training, and developing the security culture they need to handle the threats and challenges of cybercrime in today’s world, then they, the board, are their business’s greatest security risk.