That was the question that the IISP East Midlands branch tried to tackle recently at its forum in Leicester.  The evening gave a chance for information security professionals across the region to get together to network with colleagues and discuss this most important of issues.

Survey after survey from across the cyber-security sector shows the prevalence of cyber attacks that are facilitated in some manner by employees of the organisation that suffers an attack.  So it shouldn’t need emphasising too much just how important it is that organisations need to ensure that their employees are adequately equipped to deal with the threat.

After years of analysing what works with users, and more importantly, what doesn’t work, the two speakers at the forum, Jim Shields (Restricted Intelligence) and Geordie Stewart (Risk Intelligence/John Lewis Partnership), were happy to share their insights about what makes people tick when it comes to their habits regarding sensitive information.

Overall they felt it was time that the industry took a different approach – what’s being tried at the moment just isn’t being effective enough. They challenged the audience to take a step back and work out how to engage staff with the right messages on information security.

One of the examples they used was how some airlines had taken a more engaging approach to passenger safety in-flight demonstrations. Take a look at this example from Air New Zealand.

They then challenged the audience to think how this could be applied in an information security setting, which led to a lively discussion. Resources from the evening are now available on the IISP East Midlands Resource Page.