[Image: the text "security tips for your organisation" on a blue/green background, with a silver shield and padlock to the right and, in the background, dots linked by lines suggesting a network.]

Tip 1: User security education

The first post in this series is about education, because in my view it’s the most important gift we can give our colleagues (and friends / family). We security professionals need to show colleagues how they can be safe online, both at work and at home. I’m not talking about making them sit through boring mandatory training that’s the same as last year 🙂 - colleagues need education that they can action, not a compliance tick-box exercise!

Security professionals need to take the safe behaviours we want to see and help colleagues link them to their daily lives. Telling them to "use strong passwords to protect your account" will probably result in responses like "there’s nothing of interest, no-one would hack me" or "it doesn’t matter if I get hacked". Instead, let’s show people why it does matter. Explain that if an attacker gets into their email account ("it’s only got boring emails in it…"), the attacker can use it to reset the passwords for the services they do care about. Many colleagues wouldn’t want to lose access to their Facebook, Instagram, TikTok, or other accounts, for example.

Our goal isn’t to scare colleagues into doing what we want, it’s to help them understand that some basic "cyber hygiene" is easy and can keep them safe. Sure, let’s show them some of the bad things that can happen (a live demo is often fun after all) but remember to show them something useful they can do today.

Over this series of short posts I’ll share some tips. Hopefully they help your organisation to be more secure. Alternatively, if you’re interested in me running some engaging security training for you, get in touch.


This blog post was originally published on LinkedIn and on Jonathan's personal blog.