National Cyber Security Awareness Month is fast approaching and every CIO and CSO should already have their Cyber Security Awareness Month planning well underway. Just in case you haven’t begun your planning or you simply decided to dust off the tired old lectures and canned emails on complex passwords and acceptable use, I thought I would encourage you to try something new.
Cyber Security Awareness Month Ideas
The focus of 2012 Cyber Security Awareness Month should reflect that we are in a new era of computing with entirely new threats and vulnerabilities. Having said that, lets not forget the primary vector is still through people – your students and employees.
Typically, CIO’s focus their Cyber Security Awareness Month campaigns on traditional issues that are focused on the enterprise and historical user oriented issues such as malware and phishing. So let’s channel Dr. Phil on this and ask ourselves “How’s that work’n for ya?”
So why not change things up a bit this year and do something specifically for your users’ benefit that will indirectly help you with your enterprise security goals. Here are a just a few ideas to get you thinking.
Mobile Device Security and Privacy
Break out 5-7 separate topics to help your students and employees improve their mobile device security settings on their smartphones. Help them with getting the latest security updates and using strong passcodes. Maybe its time to add a page to your ITS web site on managing personal mobile devices.
Show them how to safely use hotspots and block others from accessing their phone. Help them get a plan together for what to do when they lose their phone, and you know they will.
Be sure to also offer advice on proper disposal of a mobile device. With so many expected to get the new iPhone 5 be sure to include wiping their old devices and to never leave wiping to someone else – perhaps that can be a new service for you.
Social Networking Sites Security and Privacy
It never hurts to offer another reminder to check or double check their Facebook privacy settings and any other social networking sites. Except when you do it this time try to help students with adopting a view for the future in their decisions based on ultimately entering the workforce.
Consider providing an overview of the pros and cons of using social login and how to safely manage account credentials across multiple social networking sites and reviewing all those apps they have granted access to. Don’t forget to encourage people to clean up their old social networking sites profile they may not be using any more like that old MySpace account.
Finally, try to offer some reminders about the growing number of scams and frauds occurring in social networking sites. Think about covering the risks of user shares/likes and as well as third party applications.
Behavioral Advertising and Electronic Tracking
Whether online from their home, office, classroom or on their smartphone your students and employees will appreciate knowing a little more about how their online activities are being tracked and how to avoid the trackers.
Perhaps you can publish a list of some popular “Do Not Track” browser plug-ins and other similar tools that allow users to control when their browsing activity can be captured and shared.
IT Department Cyber Security Awareness
If you really want to do something impactful to improve cyber security at your college or university focus your efforts on your own IT department staff and any non-IT department technology groups.
If you need ideas to emphasize with your IT department staff, look no further than the any one of the data breach databases at the recent higher education data breaches. I usually use the Privacy Rights Clearinghouse Chronology of Data Breaches.
Security and Privacy Apathy
“The Enemy Isn’t Hackers It’s Apathy” is the new Tripwire advertising slogan which really resonates for me. Cyber Security Awareness Month should not overlook the importance of extinguishing complacency and apathy when it comes to security and privacy.
I know its hard, like teaching kids good tooth brushing habits. Just remember you don’t have to turn everyone in hyper-vigilant security stormtroopers, you just want to move the collective concern in the organization up a notch or two.
Look for ways to freshen up the message with motivators of what’s in it for them. That is in part why I suggest focusing on the users because they are vested in their own security. Try to create a rising tide this year by helping employees and students increase their personal security habits and awareness and it will transfer to the enterprise.