Building a great security culture 

What are the barriers and pain-points to behavioral change when it comes to cyber security? 

Even the phrase cyber security is a bit off-putting to some people. 

“Keeping information safe” can be a bit abstract even. 

The challenge all security practitioners face is finding the sweet spot where people understand security concepts enough to understand the required behavior and eventually make that behavior natural.  

Where we make security difficult for people, they will resist. 

For example, if we ask people to find and read to the Acceptable Use Policy before they travel overseas so they understand about roaming, device security, WIFI etc.  

Who is going to remember to do that when they’re planning a trip and have a million things to organize? 

How can we use technology to nudge a personal reminder about good security practices without relying on them to be proactive? 

For example, when someone books travel, they get an automatic email with a short summary of what to do and why.  

Making security easy for people is part of building a great security culture.