Intelligent CIO LATAM Issue 35 | Page 71

FINAL WORD
When it comes to managing human risks, individuals likely possess all the data necessary to get started.
But what if there is a punitive culture, where people feel they will be punished for making mistakes?
But an effective strategy for approaching human risk management needs to be put in place.
A three-step approach of monitor, reduce, fix provides a useful framework that starts with analysing the data on the risks that employees are causing, coaching them to reduce the likelihood or severity of incidents and fixing the issues raised automatically or nudging them to fix them directly.
Organisations that do well at protecting personal data tend to have a positive attitude towards security – what we’d call a strong security culture.
One of the key indicators of a strong security culture is when people in organisations are not afraid to come forward when they have made a mistake.
If colleagues feel safe, knowing that they won’t get blamed for an honest mistake and that their organisation is going to work with them to rectify the problem, then they will report what needs to be fixed.
They don’t stop having errors, but the company might well stop finding out about them until it’s too late to fix them.
How can human risk management help to create a strong security culture?
1. Encourage people to slow down
One of the times when mistakes are most likely to occur is when people are in a hurry. It doesn’t matter
It feels like almost every day we hear a story of another company being breached – with data being stolen by cybercriminals looking to steal an individual’s identity, access accounts or commit fraud.