BLUF

Having a 'no blame' culture can promote honesty and make it more likely that people will report potential security threats.

Summary

Organisations face daily cyberthreats as criminals attempt to breach networks to gain usernames and passwords or even prepare for 
malware or ransomware attack. This article makes the following points:
  • If an employee clicks a phishing link or has fallen victim to a cyberattack and knows they won't get into trouble if they report it, they are far more likely to report the attack.
  • An IT department wants to know if somebody has clicked a malicious link to give them time to manage the incident. 
  • Organisations need as much information as possible about what is going on in the organisation's cyber environment.
  • If an organisation does not know that malicious activity is occurring within its system, then that might allow hackers enough time to initiate a significant cyberattack.
  • Employees must feel comfortable about reporting potential incidents to help the organisation stay safe from cyberattacks.