
The line between HR, IT/security and GDPR compliance is an ever-blurring one, with reporting of data breaches to the ICO, affected employees and customers all part of your legal duty should a data breach occur. While the balancing act between security and freedom (particularly for your employees as they go about their daily tasks) is always delicate, there are some easy fixes, and they don’t have to take forever. A simple security review to examine fitness-for-purpose of security tools, as well as business needs against security, can be done fairly swiftly.
It may seem like a tomorrow problem, but ask any one of the hundreds of organisations splashed across the front page of tomorrow’s newspaper if they wish they’d been on top of their security, and they’ll tell you, “hell, yes!”.
The average cost of a data breach for an enterprise organisation is estimated (averaged figures from IBM, Capita and Upguard) at around US $3.5 million, and a breach took up to 200 days to contain. The loss to reputation and public relations, however, is incalculable.
Even if you’re a smaller organisation, or a charity, there are easy ways to brush up on security – reading this article and distributing the tips within it amongst your team is a good start! There are plenty of free resources on the web, and the first port of call should be teaching your team how to avoid phishing – a type of social engineering where emails and other communications are sent to your team or clients from a malicious party, disguised as legitimate messages.
Joshua Crumbaugh, CEO of PhishFirewall, has years of experience in phishing, ransomware and pen testing, and is a former ethical hacker (ethical hackers perform a vital service to companies by showing them where their cybersecurity weaknesses are).
“It’s estimated that employees receive an average of 14 malicious emails per year,” he told HR Grapevine, “and a data breach can cost a company $7.20 per minute!”
Crumbaugh has put together a list of the top 10 reasons phishing occurs, and how to prevent them.
Sales and developers are the two departments most susceptible to falling for phishing attacks