The fight against cybercrime is a constant challenge, and even businesses that invest a large budget into security software and in-house cybersecurity teams aren’t immune to cyber attacks.
There are lots of different ways that criminals try to penetrate companies’ systems, although by far the most common is through your teams.
Fully 90% of breaches start with human error, so making sure that employees know what to do when they receive a phishing email, or another type of attack is vital in preventing future attacks.
When a cybersecurity incident occurs, this is why it is essential that employees report the incident:
In some instances, people might be afraid to report incidents, as they might feel embarrassed if they did something wrong like click on a link in an email. This is why it is important to communicate to the workforce how important incident reporting is and that the process exists to protect the business, not to identify employee errors.
Making reporting a non-punitive exercise and, in fact, rewarding employees which do report incidents is a vital part of building a positive cybersecurity culture.
Every business should have its own process for reporting incidents, such as to a fraud team, or to IT security, for example.
The process should be clear for employees, if you have a company intranet site, you should publish your IT security policy and incident reporting process onto it for people to easily find.
It is also a good idea to list all of the types of incidents that need to be reported. Some of the possible incidents include:
These are just a few examples but there are many more techniques and methods that hackers use and errors or unusual behaviour of internal employees should be reported too.
To ensure that your employees understand what to look out for and what course of action to take, our Incident Reporting course is the perfect solution. Book a demo today to discover how you can get access to our Incident Reporting course for your team and full access to our 55+ strong catalogue of cybersecurity and compliance courses.