Want to know why Security Culture eats security strategy for breakfast?

Wouldn’t it be great to know the attitudes to security in your business, the conversations people are having and the things they are doing, or not doing? So, if you could be a fly on the wall what would you see? You buzz into the boardroom… The board are nearing the end of their meeting. Security is on the agenda, but it’s one of the several items left to deal with and they just won’t have time to get through everything. The chair suggests there’s nothing much to say about security – there haven’t been any incidents – and other … Read More

Keeping sharing simple...

3 Reasons Why the Board Will Want to Invest in Security Culture

I don’t know if it’s one of those British things, but talking about ‘culture’ is something we do in a strangulated whisper, as though someone’s got their hands on our back squeezing the syllables out of us. Using ‘Security Culture’ as the backbone to a business plan has – equally – been off the table. In its place, we’ve used euphemisms like ‘awareness’, ‘engagement’, ‘training’, ‘compliance’. Don’t get me wrong, all these terms are important to security culture, but they won’t be effective without security culture. Why Invest in Security Culture? Because security culture is the way we demonstrate what … Read More

Keeping sharing simple...

Questions From (ISC)² Members About Security Culture Change by Sarah Janes

Last week I delivered my first webinar briefing on security culture change for (ISC)².  The topic was Developing Security Behaviours: 8 Practical Principles for Effective Change.  I know that the (ISC)² bunch are a discerning audience so I was both excited, and a little nervous, as to how our approach to behavioural change would be viewed. You see, we have recognised that the approach ‘security professional knows best; tells employee how to behave’, is an approach that does not work to change behaviour.  Security is an attitude and not a set of rules.  We are asking security professionals to shift … Read More

Keeping sharing simple...

Working With (ISC)² To Shape the Security Industry

For the past 25 years (ISC)² has been shaping the security industry by offering training, events, education and certification for security professionals. Sarah Janes is delighted to have been invited into that process, by being asked to deliver a webinar on Developing Security Behaviours: 8 Practical Principles for Effective Change. Sarah had this to say about the opportunity to use the (ISC)² platform to talk about the ‘human factor’: “It’s rare now, to meet a security professional who doesn’t see the ‘human factor’ as the number one priority for businesses of all sizes. The problem that many organisations and companies … Read More

Keeping sharing simple...

Sarah Janes Presents on ‘The Human Factor’ to Leading UK Security Professionals

The City Security and Resilience Networks (CSARN) is a leading UK based business membership network bring together public and private sector leaders to effect meaningful change. CSARN’s most recent public event ‘The Cyber Dilemma – is mitigation the only option?’ was held at the Cavalry and Guards Club, Piccadilly on 13th July, with a brief to speakers to cover: • Mitigation tactics to protect corporate and government platforms • The need for AI and understanding the costs of implementation • The continuing threat from ‘insiders’ to your organisation • Why the C-Suite should be leading the fight • Areas of … Read More

Keeping sharing simple...

BYOD – Making the Workplace Revolution Work for You

BYOD or Bring Your Own Device, is a practice that challenges IT and Security Departments of enterprises globally.  Ever since 2009 when BYOD was what the cool kids in Silicon Valley did, this stealthy revolution has been stalking businesses large and small. Whilst large companies see the potential and all the security pitfalls, for small companies BYOD can be the only way they can operate. When Layer 8, was at the conceptual stage, and before we had any real clients, we had no choice BUT to use our own devices for business purposes. What I am I talking about?  Bring … Read More

Keeping sharing simple...

Layer 8 Supporting Local Business with Cyber Crime at NatWest Boost

Layer 8 were recently invited to attend the #NatWestBoost event in Milton Keynes. The event aims to grow local businesses and connects them with a range of different companies from HR, to protection from fraud. We were thrilled to be asked to run the cyber security stand at the event and with approximately 400 businesses from a range of different counties, this gave us the perfect opportunity to talk about reducing the risks of a cyber-attacks. Attendees of the event were asked to fill in a questionnaire which was based on human risk factors. One question focused on GDPR (General … Read More

Keeping sharing simple...

NHS Cyber Attacks – Simple Ways You Can Reduce Your Risks

Until the 12th May the word cyber-attack may have been unknown, or at least not fully understood, by a good deal of people. But the global cyber-attack, that released tens of thousands of ransomware attacks affecting 45 NHS trusts and businesses in over 100 countries, has woken the world up. Cyber-attacks, ransomware, etc are not a new phenomenon, but to date they have passed us by. A data breach where customer data is lost has no immediate or significant impact on our day to day lives. But the NHS being paralysed by the attacks’ changes all of that. Bedford based … Read More

Keeping sharing simple...

NHS Cyber Attacks – Simple Tips to Protect Your Business

I’m quite sure every security blogger on the globe is frantically sitting at their computer hammering out a blog related to the NHS cyber-attacks. Well Layer 8 are no different, but instead of scrutinising what happened, enough of the scare stories and techno babble, we want to focus on what can be learnt from this, and what we might be able to do to protect our businesses. Positive Outcome no.1 – Cyber will become a real business issue For too long IT and Security managers have struggled to get airtime when it comes to protecting their business. Board members, with … Read More

Keeping sharing simple...

Measure return on investment in security culture/behaviour change? Impossible?

If you regularly read our blogs, you will know that we discuss a different approach to this subject. One of collaboration, dialogue and integration. Out of collaboration emerges a position only the savviest of Security Professionals have achieved. That position is one of true integration, a position where security is correctly considered as part of the strategic direction of your business. The Security Team have become strategists rather than fixers. So what’s collaboration got to do with measurement? What a collaborative approach to security strategy produces is relationships. Relationships at every level and every department across your business. People to … Read More

Keeping sharing simple...