In those dangerous industries where safety is taken very seriously—such as oil and gas, or manufacturing—near miss reporting is used to improve safety processes.
Analysing those occasions where a disaster nearly happened helps identify potential problems and put in place corrective actions. This reduces the number of future accidents and helps instill a safety-first culture.
Near miss in cyber security
A near miss in cyber security is an unplanned event (or series of events) that could have resulted in a cyber security incident, but by chance did not.
Examples of near misses include:
- Someone lets an unauthorised person into an area of your business that they should not have access to. Luckily, the unauthorised person did not have bad intentions—they were just looking for a meeting room and got lost. No damage was done.
- You can’t find your laptop, which contains client information. Luckily, it turns out not to be lost; you left it in a colleague’s office.
- A junior member of staff is about to head out to buy gift cards on your behalf, following an email ‘from you’ asking them to do this and then email the codes to ‘you’. Luckily, you happen to talk to them just before they leave and can stop them.
- Your colleague receives a text message on their work phone from ‘HMRC’, asking them to urgently click on a link to update their information. Luckily, you are having lunch together, and you can warn them that it is a scam.
Encourage people to complete near miss reports. They may be embarrassed to acknowledge a mistake, concerned that they’d get in trouble, or reluctant to take time out of their day to report. By reassuring them that there will be no comeback on them (and making sure that there isn’t), explaining how reporting helps their colleagues and the business, and making reporting as quick and easy as possible, you will gain valuable information about potential risks to your business.
Don’t ignore these reports; by investigating them to find out the root cause of the problem, you may be able to identify weaknesses that you can mitigate. By sharing the findings, and what you are doing to fix the weaknesses, you support the development of a security culture, warn other people about scams, and encourage future near miss reporting.
Putting in place a strong system of near miss reporting can help build a security culture and help you identify and fix potential problems. The information collated may also be useful should a security incident occur in the future.