
Re-thinking The Human Factor with Bruce Hallas
Welcome to the Re-Thinking the Human Factor podcast. It’s a podcast for information security professionals, where we will be asking our guests to share thoughts and insights on security awareness, behaviour and culture.
Our guests come, predominately, from outside of the security industry. They all specialise in elements of awareness, behaviour and culture, or they have effectively tackled similar challenges, in their own industry or careers. The one thing that unites them all is their willingness to share their experience in the hope it might give our audience food for thought.
Latest episodes

Nov 3, 2021 • 49min
The human factor. A view from Brazil.
In this episode we look through the eyes and experiences of an education and awareness manager from Brazil. We explore the consistent challenges, no matter where you are or what your culture is, when it comes to employee awareness, behaviour and culture.

Oct 18, 2021 • 48min
Versace, Burberry and Lacoste. Thoughts from branding.
In this episode we delve into the world of branding with the outstanding Geraldine Michel and explore possibilities for security professionals responsible for the human factor. We draw on lessons from the world of fashion, by skirting through branding and how Brand Directors and Managers utilise this mammoth of the modern-day commercial world to shape and influence behaviour and culture.

Oct 5, 2021 • 1h 5min
An internal communications perspective.
Internal communications is a major stakeholder in employee awareness, behaviour and culture. We often defer to their skills and experience as the specialists in communication strategy for reaching out to internal staff. However, there's something afoot in the industry. Traditional ideas of what makes "good internal communications" are being challenged and our good friend "behavioural science" has been a great influence on the thought leaders in the field of communications. In this episode I talk with one such thought leader.

Sep 6, 2021 • 51min
The human factor in the middle of a major security breach.
In previous episodes of the podcast we have explored why human judgement and decision making, which drives our behaviour, is heavily influenced by the environment within which we make our decisions. In this episode we take this one step further and ask how employee awareness, behaviour and culture pan out, after all of the theorising and planning, when the tranquil environment of corporate learning is replaced by the rawness of a major security crisis.

Aug 9, 2021 • 1h 1min
CyberSecurity ABC's
In this episode I am joined by my co-authors, Adrian, Ciaran and Jess, of the CyberSecurity ABC’s book for a long overdue catch up. We hadn’t been able to spend any time chatting for a while and so it was fabulous to get us all together again to enjoy having a talk about security awareness, behaviour and culture. We touch on not just the challenge of employee awareness, behaviour and culture but also on industry stakeholders’ roles in recognising the long overdue need for change. We explore the role of the environment in people’s decision making through the way Covid-19 has not just shaped the world but also highlighted the need for continually re-assessing employee education and awareness. We tread the well-trodden path of saying that education and awareness doesn’t always deliver changes in behaviour and culture, and we ponder whether there needs to be a change in the language that industry uses to really break through the glass ceiling that’s been imposed on everyone responsible for employee education and awareness. It’s a great episode, touching on so much, with some laughter rolled in and a dodgy rendition of the Thompson Twins’ Doctor, Doctor track as well.

Jul 19, 2021 • 1h 3min
An ex-regulator's view on awareness, behaviour and culture.
Episode Outline: We love a different angle here at Re-thinking the human factor and we think this interview is a great new angle with which to tickle your re-thinkology senses. Pay close attention: it’s littered with insights which can make a difference to your efforts. In this episode I have the privilege to chat with the ex-Information Commissioner to the United Kingdom, Richard Thomas. Richard was appointed by Her Majesty the Queen to spearhead the data protection office in its delivery of embedding privacy cultural values into day-to-day life in the United Kingdom. Richard explains the challenges that he and his team faced around awareness, behaviour and culture and also his thoughts around what good awareness, behaviour and culture might look like from a regulator’s perspective when assessing an organisation that has been reported to the regulator for a breach in security around personal data.

Jul 5, 2021 • 51min
What does it mean to have a people-centric approach to cybersecurity? And why should you have one?
The vast majority of cyber attacks target people, not technology. That's why an approach to cybersecurity that centres around people can be a game changer. Research shows that ensuring employees know what to do when faced with a real threat can reduce successful phishing attacks and malware infections by up to 90%. But how do you go about it? Do you just go for it? In this episode, we’ll dive deeper into what it means to have a people-centric approach to cybersecurity, and how putting the human at the heart of your strategy can be a change gamer.

Jun 27, 2021 • 1h 5min
Content is king or so they say! Discover some caveats around the saying as we explore the role of a security influencer.
In this episode we talk with a guest who is on the front line when it comes to employee education and awareness. We talk about video content, tailoring your content to your audience and what it takes to succeed when it comes to creating videos for education and awareness purposes. We will also explore why we should not neglect, or make assumptions about, the cyber security team’s brand and how our customers perceive us. And, if we get this right, how it contributes to our roles as influencers of employee awareness, behaviour and culture.

Jun 21, 2021 • 53min
What role training materials must play in building security aware-rich organisations?
Knowing when to deliver the right education, to the right people, at the right time is critical in building security aware teams that succeed. However, when users are not kept engaged, the organisation’s exposure to threats might be an even bigger challenge to solve. In this episode, we’ll dive deeper into how ‘limited attention’ can result in a security awareness-poor organisation and explore the different ways in which people learn and the importance of ‘Learning Science Principles’ in maximising the learning curve.

Jun 7, 2021 • 49min
How technology can be a CISO's best friend in changing behaviour.
Culture is an intrinsic part of what makes us human – it encompasses the social behaviour and norms found in human societies and their individuals. And, in an ‘always on’ digital society, that can only mean one thing – We Click! We click to open potentially malicious emails and infected files. We click to share information and then we click to share a bit more – all in a simple click of a button. In this episode, we explore how cultures are formed and influenced by digital and social media, and we touch on the role of technology in allowing organisations to drive security awareness and cultural change in today’s ‘NEW HQ’.