teissTalk: Developing a people-centric security programme

teissTalk host Jenny Radcliffe was joined by Lydie Ngo Nogol, Chief Information Security Officer, PwC as lead guest, Helen Rabe, Global Chief Information Security Officer, Abcam; and Christian Toon, CISO of Pinsent Masons.

The importance of tailoring your security programme to end-users’ specific needs and preferences

Security programmes need to be tailored to the characteristics of end-users and the company. For young employees, traditional, static content is an instant turn-off. They need short interactive, animated input. Both young and older generations have their fortes – while the former is well-versed in technology, they are less familiar with privacy and security good practice. For the latter, it’s just the other way round. If you need to train staff without any previous experience in security, ease them into hardcore training. Helen shared a story on how they had familiarised their scientist teams for a year by showing them 5 minute animated videos on a daily basis in preparation for their enrolment in a security training platform.

Training should be personal rather than organisational. It’s especially important in remote and hybrid working environments that it’s not just security in the workplace that you want to improve but rather the cyber hygiene of the individual regardless of whether they are at work, socialise on snapchat or make transfers on their bank’s app. In home working settings employees’ family members can be also invited to participate in online security trainings – after all they use the same home network as the employee does. In a smaller physical office, information security experts can observe staff while working and point out which of their habits clash with good security practice.