1. 14/11/2017 Communicating Cyber Security
LuayAlfaham, Senior partner networks manager, Cyber Aware; Research,
Information and Communications Unit (RICU), Home Office
2.
3. Introducing Cyber Aware
HMG’s first and only cyber security public awareness communications initiative delivering
official and expert advice, based on the technical authority of the National Cyber Security
Centre
• Helps the public and micro businesses focus on easily actionable cyber secure
behaviours that will give them the best protection against cyber crime
• Makes good cyber security habits as second nature as locking a front door
• Supports a range of private, public and third sector organisations to give
their employees, customers and suppliers consistent cyber security advice.
• Provides the credibility of HMG and visibly links its advice to a wider co-
ordinated strategy and approach.
“Evaluation at the end of our 2016/17 campaign
activity shows that an estimated 11m adults
and 1.4m SMEs claimed they were more likely
to maintain or take up key cyber security
behaviours as a result of Cyber Aware.”
* The National Cyber Security Tracker, is a regular non-random online panel survey of approx. 4,000 consumers and 1,200 SMEs, designed to measure the
adoption of safer cyber security behaviours. Findings relate to self-reported behaviours which may be influenced by a range of factors.
Introducing Cyber Aware
The consequences of cyber
crime
Why it matters
What does Cyber Aware advise?
Our work with universities and
colleges
Opportunities
For discussion
5. Why it matters
• Our research with BritainThinks highlights that students and the public expect to
hear cyber advice from education establishments and are more likely to trust
information from these sources
• Analysis from Mediacom highlights a group of approx. 1 million 18-25 year olds
who have a huge online footprint and cavalier attitude to online security as a priority
audience
• The risks to students – and reasons for them to take it seriously - are manifold:
– Losing vital coursework such as essays or research
– Inappropriate content impacting on future career prospects
– Time spent fixing damaged devices, contacting financial institutions, & reporting to
law enforcement
– Emotional harm and embarrassment
– Losing files with sentimental value
– Losing access to your money or bank account
– Potential for blackmail, extortion and coercion
• There is also a bigger institutional risk for colleges, including the risk of
exposing sensitive staff/student data, sensitive research, and reputational
damage
Introducing Cyber Aware
The consequences of cyber
crime
Why it matters
What does Cyber Aware advise?
Our work with universities and
colleges
Opportunities
For discussion
6. PRIORITY ADVICE
Passwords
• Use a strong and separate password for
your email (using three random words to
create a strong password which can be
supplemented with capitals and special
characters); hackers can use your email to
access many of your personal accounts
Software updates
• Install the latest software and app updates;
they contain vital security updates which help
protect your device from viruses and hackers
What does Cyber Aware advise?
This simple, prioritised and solutions-focused advice is based on
technical advice and intelligence from the National Cyber Security
Centre, Law Enforcement and HMG.
Introducing Cyber Aware
The consequences of cyber
crime
Why it matters
What does Cyber Aware
advise?
Our work with universities and
colleges
Opportunities
For discussion
7. Our work with universities and colleges
Web copy Co-branded digital banners
Social content
Newsletters &
bulletins
Introducing Cyber Aware
The consequences of cyber
crime
Why it matters
What does Cyber Aware advise?
Our work with universities and
colleges
Opportunities
For discussion
9. Opportunities
Offline
• Co-branded posters, banners around the campus
and Student Services
• Copy for student magazines
• Awareness-raising events and activities
• Password messaging in new student email
registration processes
• Training for IT helpdesks/centres
Online
• Messaging on intranet and email log in pages
• Web and e-newsletter copy
• Social content
Introducing Cyber Aware
The consequences of cyber
crime
Why it matters
What does Cyber Aware advise?
Our work with universities and
colleges
Opportunities
For discussion
10. Contact usIntroducing Cyber Aware
The consequences of cyber
crime
Why it matters
What does Cyber Aware advise?
Our work with universities and
colleges
Opportunities
Contact us
We’re here to facilitate activity in your workplace and make it easy for you to
get involved.
We will work with you to:
• Discuss your communication channels and how Cyber Aware can be
tailored to your organisation
• Share our evaluation methodology
To discuss the you can support Cyber Aware please contact:
• cyberaware@homeoffice.x.gsi.gov.uk
Please also visit:
www.facebook.com/cyberawaregov@cyberawaregov
Good afternoon everyone. My name is Luay Alfaham and I work in the Research, Information and Communications Unit at the Home Office.
My role is on building partnerships across industry for the Cyber Aware campaign, and developing these partnerships to promote the government’s protective cyber security advice both via the campaign and through our partner’s own communication channels.
I recognise I’m speaking to an audience of technical experts and I need to admit from the off that I do not consider myself to be one. What I can speak about is effective communications to drive behaviour change and attitudes towards cyber crime amongst the public and small businesses and how our campaign is evolving to deliver this priority for the Government. Effectively, how do we use communications to nudge people into being more cyber secure?
Before I run through the presentation I thought it would be useful to provide some background on my unit:
The Research, Information and Communications Unit - RICU was set up in 2007. As a strategic communications unit we deliver primarily against the Government’s Prevent strategy and to an extent, Protect. So this covers CT, CE and SOC – and this is where cyber crime fits in.
The core functions of RICU include:
Bespoke Information & Analysis to stakeholders on areas of specialism and threats
Campaign strategy and campaign delivery
Online Policy and Digital Delivery
Advice & consultancy: We work with other organisations and governments, domestically and internationally, to build their own communications capacity on these topics by sharing our learnings and expertise.
And in RICU we run and administer Cyber Aware - which is Her Majesty Government’s (HMGs) public awareness and behaviour change campaign which encourages the public and small business to adopt simple behaviours which will help protect them against the cyber threat.
So introducing Cyber Aware
The campaign is an evolution of the governments successful Cyber Streetwise campaign, designed to enable the public and small businesses in the UK to better protect themselves against the cyber threat by encouraging them to adopt a set of simple, protective behaviours.
Building on our success so far Cyber Aware aims to make good cyber security habits second nature for the public and small businesses. But Government alone cannot do this. The most effective and sustainable way is with a collective approach from the public and private sector delivering consistent advice at every relevant touch point.
Built on research and consultation with our partners and with consumers and SMEs; along with learnings from similar, successful cross-sector campaigns such as Change4Life, Drink Aware and Think!
The campaign is working – our evaluation demonstrates this – but we need to do more, and we can’t shift behaviour through pushing out Government messaging by ourselves – we need a collective, cross sector, consistent effort.
I’m conscious that you may have heard of other initiatives and organisations in this field so it’s worth highlighting these and where they fit in:
National Cyber Security Centre – the technical authority behind Cyber Aware and all HMG’s campaign advice, and provides detailed technical and incident management advice to larger organisations
Cyber Essentials – is an industry-backed accreditation scheme for SMEs and more detailed guidance on cyber security for larger SMEs (Department for Culture, Media and Sport)
Get Safe Online – is a campaign providing more detailed and wide-ranging advice on cyber security, fraud and online safety
Take Five – an awareness campaign delivering advice to help the UK protect themselves against financial fraud
Before moving on I’d like to now play you a short Cyber Aware film on the impact of cyber crime.
That film provides a snapshot of how the public view the threat of cyber crime and what the experience of becoming a victim can feel like.
The threat of cyber crime is increasing and the impact it can have on students, staff and educational establishments is far reaching.
If a college is hacked, sensitive research (e.g. medical or military) could fall into the wrong hands and potentially have significant political repercussions
Reputational damage can discourage future students from enrolling with a college that has suffered a cyber attack
Universities that specialise in cyber security education also risk losing their reputation in academic circles, as well as amongst prospective students
Also, it is everyone’s responsibility to be cyber secure and we need to educate people on how to do this. And if people are more cyber secure at home, they will bring these practices into the workplace/college. It’s about driving a culture change.
Cyber Aware’s research indicates that the public and small businesses still believe that they are unlikely to become victims of cyber crime and that being cyber secure is complex and time consuming. They are also overwhelmed with different advice from different sources; leading them to switch off and de-prioritise cyber security.
Our latest advice has been agreed with the technical experts at the National Cyber Security Centre and is deliberately intended to be simple and solutions focussed – this is key when effecting behaviour change amongst the public who might not consider themselves as ‘tech savvy’
Our priority advice is on the screen
This is supported by secondary advice including:
Being vigilant
Secure your smartphone or tablet with a screen lock
Don’t use public Wi-Fi to transfer sensitive information such as card details
Don’t ‘jailbreak’ or ‘root’ your smartphone
Back it up
Always back up your most important data either on a secure Cloud platform
or physical device
Two factor authentication
When available use two-factor authentication for your most important accounts as an extra layer of security
University of the West of Scotland:
We provided web copy for the University of the West of Scotland in January, advising staff on ways to educate their students to keep secure online.
Co-branded digital banners: Kings College:
We worked with King’s College in May 2017 to develop co-branded digital banners across their campuses aimed at their students
Newsletters and bulletins: University of Essex:
We drafted newsletter copy geared towards students, making them understand the repercussions of a cyber attack, in March 2017.
The copy reached a potential audience of 13,976 students
Social content: Collab Group and University of Lincoln:
We launched our most recent PR campaign, #techfree15, in October 2017. The campaign encouraged people to take a 15 minute break from their devices to install the latest software and app updates, which is one of the key preventative behaviours to keep your devices secure.
To engage our partners, we developed social media content for Cyber Aware partners to share with their audiences.
Collab Group and the University of Lincoln are two examples of partners that shared this content on Twitter.
Overall campaign results included support from 176 industry partners. The overall social campaign had a reach of 11.5 million
We’ve also provided intranet copy and advice for Westminster Kingsway College.
On screen you’ll see our previous campaign look and feel but last month we launched our new creative which will promote our advice and be seen across a variety of platforms. And I’m happy to show you one of the films that will be supporting the new campaign for 2017/18.
The new campaign look and feel has been developed to reflect the seriousness of the issue of cyber crime and has been tested with focus groups and partners across industry, government and Law Enforcement. I hope ‘Secure Steve’ (as we unofficially call him) doesn’t give you nightmares!
There are a range of ways existing and new partners can work with Cyber Aware to support the campaign including:…
Ultimately we would like to see Cyber Aware advice surfaced at the point of incident, e.g. when people are creating log ins and / or entering their password. So building advice into the existing user journeys – and use communications around this to raise awareness and support.
