Simplifying Cyber Security, with Neil Frost

NEIL FROST joins us for Series 3, Episode 7 of the Re-Thinking the Human Factor Podcast. Join us for this straight forward discussion on how to cultivate easy to digest security campaigns that have the lasting effect of benefiting culture.

Neil Frost was part of the team responsible for Security Awareness and Culture at the HMRC (the UK Tax Office). Before that he worked at the UK Police Force on Training and Awareness.

Simplifying cyber security with Neil Frost

by Bruce Hallas | Re-thinking the Human Factor Podcast

JOIN NEIL FROST AND BRUCE HALLAS AS THEY DISCUSS:

Defence

Real life physical combat and cyber defence.
Observing natural human responses like ‘flinch response’, putting your arms up to protect yourself.
Using human nature and then building culture to seed sustainable security.
Correct training and how understanding human behaviour can help develop a stronger yet flexible strategy.

How does the training reflect reality?

It is not just about the results of the training it is also about identifying opportunity for improvement.
Training doesn’t stop at the end of a course.
Personalised training is key.

How does budgeting effect outcome?

Is there the money to fund personalised courses?
Be brave and strip back messages to stream line information.

Cognitive overload.

Receiving too much information can be a drain.
Invest time and energy into right planning across the board.
When information is not relative it can be hard to digest.
Invest in the human side of education and behavioural culture.

Do labels limit?

Education and awareness and how people view it.
The end users don’t like feeling overloaded with training.
How perceptions can block the flow of information.

Blocking versus engagement.

Gauging from the beginning via data what the need is for training.
Making people feel empowered rather then ‘this is being done to them’.
Supplying the right security products.

Defining questions.

Reducing biased in surveying.
Quantitive data can be gleaned beyond surveys.
How can we get the real data rather then answers given because just to please?
Creating an information architecture.

Implementing lasting change.

Webpages can yield a 10% return, how to get 100%? Improving strategy step by step.
Security awareness month does it help or hinder interest?
Making security less ‘boring’ to people outside of the industry.
Find the right message and story to make people care about learning new cultures and behaviours.

Wired For Stories.

Story telling as a means of communication is hard wired into human behaviour.
Building interest using our natural tendencies aids security professionals gain a healthier end result.
Case studies can be a good format when sharing information.
Does a story always need to be based on real life or is a ‘fairytale’ beneficial?

How aware are we?

Being honest and taking in honest feedback to improve. Open the channels, don’t close them down.
Listening is a good habit to cultivate.
Compliance as a positive. The best police officers listen when tackling a security risk.

Find the right tools such as software platforms and technology to create your solutions.