For many years, organisations have invested heavily in security awareness training. Yet despite this investment, many organisations still struggle with understanding information risk. Employees watch videos about phishing emails, complete online courses and answer multiple-choice questions designed to help them recognise suspicious behaviour. The assumption is that if people can recognise threats, they will make
One of the more interesting projects we worked on recently involved a small professional services organisation rolling out a new client intake and workflow platform across several offices. The project itself looked fairly ordinary at first glance. Online forms, document uploads, automated notifications, reporting dashboards — the sort of thing organisations implement every day. The
Many organisations treat supplier security as a simple yes-or-no question. Either the supplier is “secure” or it is not. In reality, supplier vetting sits on a spectrum. Some parts are straightforward. Others require technical judgement, experience and sometimes independent advice. Sadly most organisations don’t know how to vet their suppliers. The easiest situation occurs when
I am often asked whether email is “secure enough” for clinical work. The truth is that most privacy problems with email are not caused by failures in the technical continuum, but from ordinary human moments — forwarding the wrong message, including too much detail, sending sensitive information to the wrong address, or assuming an email
- 1
- 2
