Awareness about behavior online, how to build it

BSides London · 2017 · 7:25 · 297 views · Published 2017-06
Category: Community
Style: Talk

Now I will do like this. I'm a nurse, an extremely curious nurse, and because of that, because of my activity and curiosity and willingness to learn, I became part of I'm the calary group and the network of the women cyber security. I worked like 20 years as a flex worker, consult nurse, at many hospitals and many departments, and I could easily get all of the account data from people I worked with, and I was really surprised. At first I realized how dangerous that is and how much power I have, having account data from my work, from my colleagues, and what I can do on the day name at the workplace. age and harm and

patient and themselves too. In a data breach investigation by Verizon it came out that the data breach in healthcare was like 15% from all, and that the threat in healthcare was partners and external like 38%, and 68% was internal. When I did look more at the top industries like public, finance and healthcare, it came out that almost 82% was internal threats, and as they say, with people like this, who needs enemies? You probably ask yourself why I talk about training and building awareness at the workplace, because we have all information online. We can find them and we can have a

lot of trainings with people doing, but what I noticed in this time, talking with my colleagues and everything, is that people are not interested to search in private time and learn about good behavior online; they are more open for that at the workplace. Also the hospitals and all other companies are a more interesting target for the criminals than an individual, and that costs a lot of time. Also the trainings that people give are too tech, too nice, want to explain how it all works, but people don't want to hear it; they need it simple and easy, and we forget that most people are not in the tech sector; did they run away from the tech because they don't like it

or simply don't understand it. So, in a lot of talks and everything, it can be there about basic training where we can in three parts make people interested to want to learn. As I say, I come in a lot of hospitals and I get all the account data from the people, and one time I asked my colleague, "Why do you give that to me?" She said, "I trust you, it's not a problem, you need to work, so what's the big deal?" She didn't realize and she didn't understand how dangerous it is and that she may not trust me or anyone else with her account data, because we all, everyone, have at

workplace also the link with my workplace, where your own personal data are. When I reminded her of that, she took the paper away, and I asked her, "Why do you take that away? You trust me, don't you?" and she said, "Okay, okay, you made your point." A lot of the reactions were really like this when I remind them and say, "Hey, you give your own data," and that's the way they get open to the next part of the story, and that is that you give them information about what can happen with their data. It's not only about identity fraud. It's also about that people can do criminal acts under their name at work, outside of the

work or even in another country, which brings them in danger. With those two parts you make them open for the third part: for learning, for a workshop. The workshop needs to be easy and relaxed. You can make some groups with the people. You can make some interaction and communication with them. You can teach them how they can make a long password, how they can recognize suspicious links or emails, and make some nice things. Trainings are in general too serious, too tech. So keep it simple, keep it friendly, because you need to make connection and communication with your employees, and that way you can make them understand what and how they need to do

and also when they don't know something they can contact you more easily than if you don't have that communication. There are also the rules that need to be brought into a company. They are not all the time popular, or they are just too serious. You can make a poster like this, like I get from sale and sec, and inform them what is important, like: no medical records on a public network, only on the network of the company; when you have a problem go to IT; or you log out when you go outside of the The important information that we also need to bring to employees is that hackers only need to be lucky once and

users need to be lucky every time, like Brute Logic said, and that's the message they can get and they understand it, and they are then willing to learn and to pay more attention and make more communication with the IT sector. Now I will put a peer list I will put more about training with more details; in this short time I could not say all of them, and then you can read there, and for any question you can also contact me on those two mails and on Twitter. I would just like to say a little bit about WannaCry: we still don't know did it go by email or did it go by using devices

that were connected online, but the one thing that did happen is that WannaCry did make obstruction in the work in healthcare, so that also made the people who work there a little bit panic about what we can do and how we can do. The only thing I can say about that is that it can be more worse than what it was. So that was my first talk, and thank you for listening. Link to me, and if you have any question you can ask now or later. [Applause]