This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Awareness programmes should be engaging and allow users to learn

Share this article:
Awareness programmes should be engaging and allow users to learn
Awareness programmes should be engaging and allow users to learn

Employees should be able to apply a level of risk management in order to protect the business and themselves.

Speaking to SC Magazine, Amar Singh, News International CISO and chair of the London Chapter security group of ISACA, said that staff awareness and training were huge opportunities to invest in.

He said: “I think the balance in running an awareness campaign is all good, but engaging with the user for what is information security is the main thing. If I can engage and can have a framework or process that every user can engage with me, I believe I can increase awareness by doing that.

“The problem is with training and awareness. Someone I spoke to said they achieved 90 per cent awareness with an exam every six months, but if that is the only measurement of success, then people just click through.”

Singh said that in his role at ISACA, one of his objectives was to increase awareness in information security, especially in schools where nothing was being taught. “I want to spread and engage with people on information security, as I want to engage my users so I can make the awareness much more effective,” he said.

Singh said that he is currently trying to convince users to adopt a policy by talking to people face-to-face for the top five things for News International, as exams statistical key performance indicators have no real level of engagement.

In terms of what he was training on, he said that this was "in every possible way" on spear phishing, social networking and removable media, as users need to know what threats look like.

He said that he came in ‘post incident' and was working with the company's data protection officer to build a security division.

Asked if he felt that it was hard to drive security home to people who were not security conscious, Singh said it was "definitely a challenge", as the younger generation are easier to engage in these issues.

“They may not appreciate security, but they are more tech-savvy than ever before and they know how to use the basic technology,” he said.

“The challenge here is that they may understand technology but they may not agree with it. A simple example is to share, but ask yourself if you want to share less, as the media is full of stories of people who do the wrong thing.”

He said that trying to build a risk-based culture should involve applying risk to everything you do, as today everything is everywhere. He concluded by saying that security should be as transparent as possible, but users should be able to step up to the plate.

“I am not saying get rid of controls, let them do what they want but offer training on password management and if you see constant issues with a user, you can offer further training and awareness,” he said.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

New Androids will encrypt your data just like iPhones

New Androids will encrypt your data just like ...

Google has promised that the next generation of Android phones will automatically encrypt data - preventing police and other agencies snooping on their users.

Russian cyber attack exploits Scottish independence vote

Russian cyber attack exploits Scottish independence vote

UK oil firms warned to guard against new campaign as Russian malware exploits Scottish independende vote.

Card and banking fraud back on the rise again

Card and banking fraud back on the rise ...

Banking and card fraud back on the rise again says the FFA UK as crime increasingly moves online.