
If you choose not to address the risk, you are making a decision to accept the risk

For those organisations that want to get in front of privacy and online security risks, there’s a lot happening now:

Apart from the Optus, Telstra and Shangri-La Hotel breaches in the news this week, we’re not far off the Christmas rush. In the online shopping flurry, there’ll be more opportunity for those who are deliberately trying to get hold of credentials to access networks and personal information. And, it’s Cybersecurity Awareness Month!

So, now seems like a good time to be reviewing where you’re at with the risks. We’d recommend the following 3 steps:

1. Find out: are your users really following your policies and procedures?

Talk with the teams in Risk and Compliance, IT and Information Management, Security, Privacy, HR, and any other team likely to be aware of the true risk position. Making assumptions in answer to this question can mean you miss an opportunity to improve. Hard, honest assessments are needed here.

2. Consider what engagement you’re really getting

If people don’t know what’s in the policies and procedures, you don’t have engagement or the motivation to support your risk efforts. It is worse still if they don’t know a policy or procedure even exists.

We recently spoke with a client who described their privacy training as “sh*t”. Clearly, it’s not helping if people view it as an obligation to suffer through, rather than something they might learn from and find interesting.

3. Then, have a risk conversation with the Leadership Team

If you haven’t experienced a serious breach of personal information in your organisation, that’s great, but if significant risk exists, now is the time to address it.

Most organisations we talk with don’t make this point with their leadership: “If you choose not to address the risk, you are making a decision to accept the risk.” That is a scary position to be in, considering the current environment.

Agree on the steps, budget and timeline required to address outstanding risks.

Our 2-hour Masterclass this month can give you a great foundation to remedy a lack of engagement and support for your privacy and security efforts. We hope to see you there. Please visit our website page for more details.