People working in our cyber world have access to a wide range of
information including sensitive personal or corporate information which
increases the risk to it. One of the aspects of the protection of this
data is to train the user to behave more securely. This means that every
person who handles sensitive information, their own or that of other
people, be aware of the risks that their use can pose as well as how to
do their job in such a way as to reduce that risk.
The approach we use for that is called 'Security awareness' but would be
more accurately described as security 'un-awareness' because most of the
problems come where the user doesn't know about a risk from their
behaviour, or its potential impact. In these post COVID days of 'New
Normal' working, in which staff spend more of their time working at
home, organisations are still responsible for the protection of
sensitive personal and corporate data. This means that it is more
important than ever to create an effective security awareness
communication process.
This book will primarily consider the problem of hitting that 'Sweet
Spot' in the age of 'New Normal' working, which means that the knowledge
about secure practice is not only understood and remembered, but also
reliably put into practice - even when a person is working alone. This
will be informed by academic research as well as experience, both my own
and learnt from my fellow professionals, and then will be used to
demonstrate how 'New Normal' working can improve security awareness as
well as challenge it.