Exam CIPM
Question 142

If your organization has a recurring issue with colleagues not reporting personal data breaches, all of the following are advisable to do EXCEPT?

    Correct Answer: D

    If your organization has a recurring issue with colleagues not reporting personal data breaches, it is advisable to address the reporting behavior directly. Providing root cause analysis (A), clear communication on reporting procedures (B), and role-specific training (C) are all relevant actions that directly impact the reporting of breaches. However, distributing a phishing exercise (D) focuses on how employees recognize threat attempts, which doesn't directly address the problem of not reporting breaches.

Discussion
Rocketly, Option: A

B, C and D all address the issue with staff not reporting breaches. D is relevant because it is possible breaches are not being reported because breaches arising from cyber attacks are not even being recognised. Whereas A considers why breaches are happening in the first place, which is a separate issue.

Ssourav, Option: D

D. Distribute a phishing exercise to all employees to test their ability to recognize a threat attempt. While testing employees with a phishing exercise is a good practice for increasing awareness about potential threats and improving security practices, it doesn't directly address the issue of colleagues not reporting known breaches.

emily0922, Option: D

I suggest D. The rest help in identifying or correcting the problem; doing a phishing test has no relation.