What are the challenges in getting a message of cyber resilience across an organisation?

"The way we adapted was... moving as much as we can to fit the situation we find ourselves"

 

Nick Harris, Global Head of Information Security at Oxford University Press talks to Sooraj Shah about how security awareness and resilience messaging moved into different forums to give colleagues the skills to work securely from home.

Nick will be speaking at the teissR3 | Resilience, Response and Recovery summit taking place online, 15 - 24 September.

This year, the very popular teissR3 event focuses on how to improve your organisation’s cyber resiliency and adopt best-practice in incident response and crisis management in a post-COVID-19 world.

Video transcript

So in terms of the challenges that you've had in bringing across your message of cyber resilience across the whole organisation, what have they been?

So particularly around resilience of our staff, allowing them to keep us secure, allowing them to have the skills, knowledge, awareness to do that, usually we would be able to join particular forums and in person, explain our message, what things cost, would be able to set things up, standards as it were, even to the point that staff would see posters in the office, awareness type material that would reinforce the security of their organisation and an ongoing resilience.

Things that they could do to continue to access information or even down to sort of password rules. And simply, that was taken away from us very quickly. The way we adapted was like everyone has, really, moving as much as we can to fit the situation we find ourselves.

We had a project to change from an annual training and compliance effort to something that we could provide on demand videos and awareness material, targeted campaigns, a new identity, an identity interestingly that we intentionally aligned with the business continuity project's identity. So their objective was to keep the organisation going.

Well, our objective definitely pulled into that. So we felt an identity that was similar, really kind of aligned with us. And by having that identity and this sort this new training awareness, we increased our Yammer posts, our newsletters, to twice a week, within the bounds of the capacity within the team to reach as many people as we could.

We put a lot more content through different forums that were being held, taking advantage of webinars or internal briefings, anywhere that we could use the audience to get our message through and give them what they needed, which was essentially the skills and the security to work from home.

And it was not done alone at all. Like I said, doing it with the business continuity effort to do a much wider remit but we are definitely supporting. Our messages were aligned and we were coordinated in our approach. And equally using, what we had was luckily a very effective internal controls internal communications team, who were able to support us, help us with the content, and get to the right audience.