Last week I attended a facilitation skills workshop with a group which contained mainly lawyers. The two day programme was great. The main take-outs for me were how to structure a facilitation session, considering the audience and encourage audience participation when appropriate - all obvious things you may think, but I'm sure we've all been guilty of hiding behind a PowerPoint slideshow particularly when facilitating or presenting remotely. Anyway....
As part of the main session we all chose a subject to present on at the start and end of the course, showing progression in our learning. I chose "Cyber Security in the personal space" for my session. I touched on subjects such as how delicate a mechanical hard drive can be, new topics such as Ransomware and the use of Dropbox for the consumer. I was surprised two fold by the reactions of my legal audience. Firstly, it became apparent how little the audience of four were aware of what can cause potential data loss, the scale and number of hacking techniques used today and what happens to the pictures they've taken of their credit card which has automatically uploaded to Dropbox. Secondly, with the audience not being privy to what can happen to their data, I was taken back by the interest that the audience had after receiving the session I ran, this pleased me.
It is very obvious to me that Cyber Security Awareness is not at a level where companies can feel safe that their employees are doing everything in their power to consider the company's integrity through best practise. If the man in the street is not adhering to his own best practises to keep personal data safe, why would this be any different in the workplace. I'm certain their is a perception that IT/Risk need to worry about Cyber Security; of course this is true, but it goes beyond the specialists and into the business where the damage can be done.
My experience in the session proves that interest can be generated when you relate the circumstances to things that can affect personal lives; threats of losing the digital family photo album can help, as can warnings of an intruder in your bank account. Strategic communication planning with IT, Risk and HR teams are essential, and information sharing is key as new issues arise. This is only going to become more prominent over time, be careful out there.