Compliance Role in Mitigating Cyber Mayhem

mary-bennett.png

...the data clearly show that human error is still the leading cause of cyber security breaches.

In recent years, attention has been drawn to the impact of cyber and data breaches and the extent to which our organizations remain vulnerable to these threats. The cost of cyber and data security breaches is well known and most organizations are taking steps to address the problems. But while much is being done, too often ethics and compliance officers have remained on the sidelines wrongly assuming that cyber security is not their concern. While ethics and compliance departments may not be the appropriate lead function to address these risks, it is a serious mistake for E&C to be uninvolved. E&C can and should play a key supporting role in identifying and mitigating cyber and data-related risks.

One obstacle to more involvement is the assumption that these risks are technology problems and therefore are best mitigated by technology solutions. But the data clearly show that human error is still the leading cause of cyber security breaches. For example, recent research “revealed that 69 percent of companies reporting serious data leaks reported that their data security breaches were the result of either malicious employee activities or non-malicious employee error.” The biggest cause of breaches was non-malicious employee error (39 percent). Interestingly, only 16 percent were due to hackers or external invasion.


This article originally appeared as #8 in our: 
Top 10 Ethics & Compliance Predictions and Recommendations for 2017


In spite of this evidence, many organizations are missing this root cause and are focusing exclusively on infrastructure instead of making an investment in employee education and training, but here is where E&C can play a pivotal role.

Key Steps Where Compliance Can Mitigate Cyber & Data Breaches:

Have Clear and Easy-to-read Cyber Standards

Be sure your organization has up-to-date cyber security policies and that the topic is adequately covered in your Code of Conduct. But equally important, make sure the policy and the Code are understandable to employees. E&C officers have done well in recent years developing policies and codes that avoid legalese. In a similar manner, E&C officers need to ensure that their cyber standards are also free of tech-speak and are clear and easily understood by all.

Include Cyber Security in Your E&C Training

Like all training, cyber and data security training should be targeted and tailored to the roles and responsibilities of employees – one size does not fit all. As an E&C officer, apply what you know and the work you’ve already done in developing your E&C training schedule to determine the best and most effective way to deliver cyber and data training so that it will be accepted and effective across your employee population. Information about cyber security can also be woven into case studies within existing E&C training.

Leverage Your Helpline 

If you are not already doing so, be sure to add cyber security and data breaches as examples of the type of issues that ought to be raised using your reporting system and Helpline. When you do so, make sure that appropriate escalation and resolution protocols are in place when technical questions are raised or threats are reported.

 Avoid Turf Battles

Remember that if you want a seat at the table when cyber security is discussed, you may need to give up valuable space or time that is currently devoted to more central E&C issues. This may include giving up time that is currently set aside for E&C training on other topics, or sacrificing space for posters and awareness campaigns on billboards in common areas, as well as virtual space on websites and the intranet. It may also include allowing cyber-related questions to be included in employee surveys in place of other E&C questions.


Download White Paper: Top 10 Ethics & Compliance Predictions and Recommendations for 2017


 


Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.


Top 10 Ethics & Compliance Predictions and Recommendations for 2017

It’s time for our annual review of trends and events that will impact your Ethics and Compliance (E&C;) program in the year ahead. This year presents a unique challenge. We are preparing our predictions before the dust has settled from the recent U.S. election. While changes are likely, many of the challenges we face are unlikely to be affected at least in the near term.
Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

The Chemistry of Compliance: Finding the Perfect Blend of Incident Reporting, Training and Case Management

A robust compliance program uses a blend of internal reporting data, training and case management to create a program stronger than any one of its parts. Yes, that takes careful planning and some experimentation—and yes, the payoff is worth it.
Next Post Previous/Next Article Chevron Icon of a previous/next arrow.

Comments