Skip to content

Latest commit

 

History

History
66 lines (48 loc) · 3.26 KB

300-AUDIENCE-ANALYSIS.md

File metadata and controls

66 lines (48 loc) · 3.26 KB

Contents | Previous | 3. Audience Analysis | Next

3. Audience Analysis

Introduction

We have sent surveys to healthcare personnel of the Horizon Foundation. Our goal was to assess how they relate to the security breach which occurred last year. We also analyzed how employees perceive their ability to fight phishing and other digital threats in the course of their daily job.

Overview of the Study

We received 7,500 responses to our survey. We then interviewed 60 employees with different backgrounds, among those who volunteered to answer more detailed questions as a follow-up to the survey.

We analyzed answers and a number of profiles emerged when grouping them by similarity. We will describe below the three main profiles, which represent more than two thirds of the respondents:

  1. Nurse, 35, Aware of Breach, Checks Emails 5 times a day from Phone
  2. Chief Nurse, 45, Aware of Breach, Checks Emails 3 times a day from Phone
  3. Doctor, 40, Not Aware of Breach, Checks Emails 2 times a day from Computer

Themes of Study

Awareness of Security Threats

65% of the respondents were aware of the data breach. Still, one year later, the awareness of the procedures to avoid security breaches is low. Over half of the respondents do not know or are unsure of which procedures to follow.

Most employees are convinced of the importance of digital safety procedures, and willing to put them into practice. But they are not sufficiently aware of the best practices and procedures to follow. The positive attitude towards digital safety, and the high level of education among these employees are two factors expected to contribute to the success of a future training.

Technical Environment

Less than 10% of respondents check their emails from a computer, while 3 in 4 check their emails from a phone. The training received by employees during onboarding focused on computer usage to describe procedures to open emails safely. This creates a discrepancy with the context where these procedures must be applied, using a phone or tablet during field work.

The training would benefit from being applied in its actual context of use, while reading emails in the course of regular activities. The onboarding training shall be updated to reflect mainstream usage for email consumption.

Focus on People, Not Data

During the interviews, we noticed that the problem of security threats was considered with more empathy when we shifted the focus to people rather than data. Employees felt more involved with the issue when we talked about their effects on the people affected, the donors and the recipients of the organization charity efforts, rather than the protection of computer systems, networks and computers.

Field employees have little time to spare for technical audits. But they have shown a readiness to give some thought to the consequences of unwittingly lending a helping hand to a remote attacker. Their motivation is to fend off any attempts to take advantage of the people who trust the Horizon Foundation.

Contents | Previous | 3. Audience Analysis | Next