Prudential teaches staff to tackle security threat

Prudential Assurance is to launch a drive to persuade its staff to change their approach to IT security.

Prudential Assurance is to launch a drive to persuade its staff to change their approach to IT security.

The company, which already has security awareness programmes in place, said it wants to change the way its staff behave, rather than to simply inform them about good security practice.

Human beings are often the weakest link in security systems. Last week, Computer Weekly revealed that office workers were prepared to disclose their passwords to people conducting a security survey outside London's Victoria Station.

"You have to have effective awareness programmes so that people know and understand the issues. But knowing something is wrong does not necessarily mean you change your behaviour. It is about changing people's perception," said Stephen Donnelly, head of information risk at Prudential.

The company plans to use an index developed by Pentasafe to measure the effect that its security awareness programme has on the way its staff work. The index will allow the company to benchmark its performance against other financial firms.

IT staff will also use automated programs to assess the strength of the passwords that workers use. It will be able to give them feedback on improving the strength of their passwords, for example by combining both letters and numbers.

The feedback will help the company assess what the most effective ways of raising security awareness across the group are.

"The important thing for us is getting the feedback mechanism right so that people can raise issues and we can have a clearer idea of how the business is running. It will allow us to develop a more people-friendly way of managing security," said Donnelly.

Eurim backs Computer Weekly campaign
IT lobby group Eurim is to call for stronger partnerships between the police, IT suppliers and users to combat computer crime. The group will back Computer Weekly's campaign for a government review of the UK's computer crime laws in a paper to be published next week.

Computer Weekly Editor Karl Schneider and security expert Peter Sommer will be speaking about the reasons why the law needs to be updated at the launch of Eurim's paper at the Infosecurity show.

Read more on IT risk management