I want to lower the risk to my data in 2023. What do you suggest?
You need an "all-of-the-above" strategy, including policies, standards, and contingency plans, as well as equipment and personnel to lower your risk effectively.
With that said, if you must have an emphasis, I suggest following the data. According to Verizon's data breach report, 82 percent of breaches involve a human element, according to the 2022 Verizon's data breach report. Human error is defined as doing something or not doing something a person should do. https://www.verizon.com/business/resources/reports/dbir/
The best way to eliminate human error is to change human behavior, and the one proven method for changing behavior (separate from a person making a mistake and not wanting to repeat the mistake) is training.
Unfortunately, most organizations do not train. A recent Canadian survey found that only 34 percent of employers trained their employees on cyber awareness. https://www.newswire.ca/news-releases/only-34-of-small-and-medium-sized-business-employees-report-receiving-mandatory-cyber-security-awareness-training-876508519.html
The takeaway is that if you want to significantly cut your data exposure in 2023, the data shows that training employees to limit human error is a foundational pillar for any data protection strategy because learning from mistakes is far more costly when it comes to cybersecurity.
Jack McCalmon, Leslie Zieren, and Emily Brodzinski are attorneys with more than 50 years combined experience assisting employers in lowering their risk, including answering questions, like the one above, through the McCalmon Group's Best Practices Help Line. The Best Practice Help Line is a service of The McCalmon Group, Inc. Your organization may have access to The Best Practice Help Line or a similar service from another provider at no cost to you or at a discount. For questions about The Best Practice Help Line or what similar services are available to you via this Platform, call 888.712.7667.
If you have a question that you would like Jack McCalmon, Leslie Zieren, or Emily Brodzinski to consider for this column, please submit it to firstname.lastname@example.org. Please note that The McCalmon Group cannot guarantee that your question will be answered. Answers are based on generally accepted risk management best practices. They are not, and should not be considered, legal advice. If you need an answer immediately or desire legal advice, please call your local legal counsel.