MicroSolved – The following are just a few rough ideas for you to expand upon and build your own information security awareness program. October is National Information Security Awareness Month. It is a good time to tie into a larger effort to bring awareness of security topics to all computer users.
The critical part of building an information security awareness program is to hold periodic and ongoing activities that build a core set of best practices and reinforce those concepts over time. This can be done in a variety of ways:
- Host a mandatory security Best Practices seminar for all employees
- Have an "Information Security" theme day with a sponsored lunch, a short presentation, and a simple game, such as a crossword puzzle or word find
- Produce quarterly security update podcasts
- Send out monthly security update emails with links to media stories about security
- Conduct polls or surveys about current security practices with a random prize drawing for all responders
- Develop an information security intranet site and host periodic security-themed online events
- Broadcast a monthly information security reminder voicemail that covers a basic security practice in 90 seconds
- Publish posters, short videos, and other "quick and easy" multimedia content
- Engage your marketing department to establish a security mascot and tagline for use throughout the year
- Hold a contest for users and let them design posters or other security-themed content
- Have your executive management role-play defenses against social engineering and other attacks in a comical way at your next company meeting
By following these tips and expanding upon them to fit your own corporate culture, you can easily create an effective security awareness program within just about any budget.