Cyber security awareness raising comes in many forms and is important on both an individual and wider community level. In the past, and unfortunately still to this day, awareness-raising has been boring and ineffective. Dull online cyber security courses and presentations rarely stick in peoples’ minds or spur them to improve their cyber security practices. There are, however, many more effective approaches to cyber security awareness-raising, and it is best to tailor these to each audience. Different approaches will work better in different situations, and using relevant examples and case studies can help to raise engagement. Similarly, using more exciting demonstrations such as live hacking presentations can have more of a lasting impact on audiences. It is also best to be clear and concise in demonstration, while creating an approachable feeling which allows people to ask questions and learn more.
Awareness of good cyber security practice is important not just on a personal level, in the protection of an individual’s information and finances, but also for the protection of organisations and even countries and their infrastructure. With non-malicious insiders a large threat to the security of organisations, cyber attacks are often the result of an unintended breach by an employee. It is only through a strong understanding and awareness of cyber security that these risks will be reduced. Further, by raising awareness across the board and reducing the threat from non-malicious insiders, malicious activity will stand out all the more and evoke a faster and more effective reaction.
There is a lot that people should be made aware of in terms of cyber security, from effective password management to understanding the threats posed from social engineering. With so many threats out there, and cyber criminals ever-adapting to new technologies and trends, new threats and methods of attack change often. With this in mind, it is often much more effective to positively affect peoples’ outlooks towards cyber security, in the form of improving their situational awareness and mindsets towards their practices in security. These key skills can then be translated into many different scenarios and help to mitigate against many types of threats.
It is most effective to use tailored awareness-raising training and communications, so that you are sharing information which is directly relevant to the audience. For example, many organisations deliver awareness-raising training that focuses on personal cyber security for their workforce. This helps develop a security mindset, it has positive cultural benefits and it is especially valuable when employees are working from home and there is a blurring of lines between personal and professional technology-use.
It is also vital to remember that awareness in isolation is not the answer. It is important to make sure that the awareness-raising is having the intended impact on behaviour and that it is part of a positive cyber security culture within an organisation.