Awareness programmes should be engaging and allow users to learn

Employees should be able to apply a level of risk management in order to protect the business and themselves.

Speaking to SC Magazine, Amar Singh, News International CISO and chair of the London Chapter security group of ISACA, said that staff awareness and training were huge opportunities to invest in.

He said: “I think the balance in running an awareness campaign is all good, but engaging with the user for what is information security is the main thing. If I can engage and can have a framework or process that every user can engage with me, I believe I can increase awareness by doing that.

“The problem is with training and awareness. Someone I spoke to said they achieved 90 per cent awareness with an exam every six months, but if that is the only measurement of success, then people just click through.”

Singh said that in his role at ISACA, one of his objectives was to increase awareness in information security, especially in schools where nothing was being taught. “I want to spread and engage with people on information security, as I want to engage my users so I can make the awareness much more effective,” he said.

Singh said that he is currently trying to convince users to adopt a policy by talking to people face-to-face about the top five things for News International, as exam statistics used as key performance indicators have no real level of engagement.

In terms of what he was training on, he said that this was "in every possible way" on spear phishing, social networking and removable media, as users need to know what threats look like.

He said that he came in "post incident" and was working with the company's data protection officer to build a security division.

Asked if he felt that it was hard to drive security home to people who were not security conscious, Singh said it was "definitely a challenge", as the younger generation are easier to engage in these issues.

“They may not appreciate security, but they are more tech-savvy than ever before and they know how to use the basic technology,” he said.

“The challenge here is that they may understand technology but they may not agree with it. A simple example is to share, but ask yourself if you want to share less, as the media is full of stories of people who do the wrong thing.”

He said that trying to build a risk-based culture should involve applying risk to everything you do, as today everything is everywhere. He concluded by saying that security should be as transparent as possible, but users should be able to step up to the plate.

“I am not saying get rid of controls, let them do what they want but offer training on password management and if you see constant issues with a user, you can offer further training and awareness,” he said.
