End user teams should be trained to understand threats. It has been observed in many cases that a user has been trapped in a phishing attack by opening an impersonated email. In one incident an end user forwarded an unidentified mail attachment to the IT team without proper subject, leading to a major ransomware attack. These are avoidable security incidents that can be addressed with proper training to the end user group.
Bulletin: The data security group should publish a monthly security bulletin within the organisation. The bulletin should cover the latest security events that occurred in the last month along with action taken, and infographic representation of device updates and current threat level.