Emma W

Why are people, and couldn’t they just not? Proving the value of empathetic security, in the front lines of NCSC Comms

“The problem is not with human error. It’s the processes and the culture in the systems that enable a wrong click to have a catastrophic effect.“

Summary

• Why do people keep doing things that we in security have told them not to do? Instead of blaming human error, we should look into the security that hasn’t been designed well for humans. User experience has never been critical in security in the same way it is critical for Amazon. This is the key reason why security isn’t more people-friendly in many organisations.

• There are better ways to look into human error in cyber security; a review points to systems, processes, and culture that enable this error. Therefore, security depends on everyone.

• Unfortunately, we know so much about cyber security from our expert perspective that we struggle to understand what layman needs to know about cyber security and how best to say it to them. A collaboration among expert technical advice, content writers, user research, and audience insight is needed to achieve this goal.

More about Emma

Emma W was, until very recently, Head of Advice and Guidance for the NCSC. She has now moved to a different NCSC role. She has worked at GCHQ/NCSC for nearly 20 years (so yes she did start at the age of 5, thankyou so much for asking). She has had a varied and almost entirely unplanned career across project management, learning and development, organisational security and cyber security. For the past nine years, she has specialised in people-centred security and communicating cyber security advice well to different audiences.