Why Is Cloud Security So Hard? (Hint: It’s Not)
Securing a new environment without knowing the rules of the road can be hard. Take the time to learn the rules and avoid speedbumps.
Hosting a cybersecurity awareness campaign can showcase your team, raise awareness of infosec, and display how your company is doing that.
Hosting a cybersecurity awareness campaign can showcase your security team, raise awareness of information security, and display how your company is doing that. Since October is Security Awareness Month, this month is the perfect opportunity to engage your employees on security awareness. If you don’t know where to start for your cybersecurity awareness campaign, luckily, there are several ways you can engage your employees.
Before you start a campaign, you need to consider what you’re going to write and how frequently you’re going to send messages. No matter what campaign you choose to do, it would help if you considered your audience—whether it’s your employees, clients, or both—and think of your purpose. If you start a campaign without a purpose, you might lose your audience. Likewise, sending a message that doesn’t resonate with your audience might also cause you to lose them. As for frequency, sending too much content will cause people to ignore your campaign. Sending too few will also make them lose interest and forget about it. Hitting that middle ground is essential but is dependent on your content and type of campaign.
Although this would be the most manual and deliberate, this would be the most straightforward, cost-effective, and consistent method. You could do something as simple as sending daily trivia or showcasing one of your security team members. With an e-mail campaign, you can choose to follow a decided template and only change the information. If you choose to do an email campaign, you could also open it up to your customers.
This way would be similar to the email strategy but will keep it within the company. You can shoot information directly through DMs, posts in the #general channel, or send it to the communication department. You also have the option to make it more casual and do things like sending fun yet informative security videos.
Though COVID-19 makes in-person events difficult, that doesn’t necessarily mean you can’t have live events. With Zoom, Google Hangouts, and other communication apps, you can still have events without jeopardizing your employees’ safety. Some examples of fun, live events you could do is a Hacker Jeopardy or Capture the Flag competitions.
Think of it as normal jeopardy, but with security questions! This campaign offers many opportunities for creativity, though it might be more time-consuming and costly than the other options. You could choose to have teams, or you could not. You could choose to have prizes, or you could not.
This event is dependent on whether you want to open it up to all employees or restrict it to engineers. If you open it up for all your employees, you will want to make it not overly-technical. If you plan to make it for engineers, it will need to be more technical to keep it engaging. However, you’ll have more flexibility with questions.
There are plenty of sites that offer tools to create quizzes. If you don’t want to make the trivia, there are plenty of sites with free quizzes for you to use.
If you need ideas for trivia, try looking at our free cybersecurity awareness training to generate some ideas.
There are two types of CTFs: Jeopardy CTFs, and Attack and Defend CTFs. The easiest one would be Jeopardy CTFs. Jeopardy CTFs require teams or participants to work together to complete challenges. The other type is more complicated, but can still be fun. It requires setup before the event but will be a good challenge for your participants. It will help them brush up on their skills in a fun, non-threatening environment.
This type of event is geared more towards engineers, but you can still make it fun for non-technical employees. You could pair your non-technical workers with technical ones, so they can still be engaged during the event. If you decide to have all employees participate, then the better choice would be a Jeopardy CTF. They’ll be less they have to manage and could serve as an introduction to security. If you want to give your engineers a challenge, then an Attack and Defend CTF would be appropriate. They’ll be able to test their expertise against their co-workers, which would make it more fun for them. This type of event can also be hosted year-round, since you decide on how long you want the event to run.
If you’re not interested in planning your own CTF, you can join a public one on a site like CTFTime. On the other hand, if you want the event to be more personal and only open to your employees, check out a CTF host like CTFD.
To run a successful cybersecurity awareness campaign, there are several factors to pay attention to consider.
When it comes to a campaign—whether it’s a cybersecurity awareness campaign or not—one of the first things you want to make sure is that your message is clear. Whether you’re choosing to share your team member’s story or trying to convince your employees to attend an event, you want to focus on that specific message rather than flooding them with multiple messages. You’ll always want to be concise to retain their attention if you choose to do an email, Slack campaign, or a speech before a live event. If your posts or speeches are too lengthy, that might make them feel like you’re wasting their time and cause them to ignore later posts.
You will also want to consider the prioritization of your content. Since you have the most attention at the beginning, you want to present the most important information first. In the case of an email campaign, using headings and lists can help you organize your content and make your content easier to digest. If you’re having a live event, having an agenda or an outline of your topics will help you not forget your purpose. If you have a lot to say in a post or email, you can use an external link to redirect them to more information. You don’t have this type of privilege at a live event, but you can invite them to talk to you to hear more or redirect them to the campaign’s website or wherever you choose to put the information about the event on.
Another thing to consider is the design. Using your company’s logo as inspiration can help to show that it’s your company’s campaign. If you don’t want to make a special logo, then opting to use your company’s logo is fine, too. You will also want to choose a color palette for consistency during the event. If you’re having trouble with choosing one, then consider using your company’s colors.
When it comes to picking a font for banners or emails, remember to choose a legible one that matches your message. If your message is more serious, then considering a “serif” font will be appropriate because it indicates professionalism. If you’re going for a more casual message, then consider a fun “sans-serif” font. Also, make sure the font size is appropriate for the length of your content. For example, if you have a lot of content for your email, choosing a smaller size will prevent it from taking too much space; likewise, if you don’t have a lot to say, then a bigger size will help take up space. If you’re doing a Slack campaign, you don’t have much of a choice when it comes to customization; in this case, it’s better to keep things short and sweet, so your content is easily consumable. In the case that you have a lot to say, then redirecting to an external link to a post can help with the design.
You don’t want to send your employees or clients a block of text, so don’t forget to include some media! This can include pictures, videos, or any other visuals that can bring interest to your message. It’ll also prevent your audience from becoming overwhelmed by text or a long speech and retain their attention.
No matter what option you choose to do, remember that this is a marketing campaign. If your security team doesn’t have a name, this would be a good time to think of one. It doesn’t have to be complicated; it could just be your company’s security team. Having a name will make it easier to bring awareness to them, and give you something to put on swag like t-shirts or coffee mugs. If you don’t want to do that, you could opt to put “Security Awareness Month” and your company logo on it instead. The swag could also be used for your live events as prizes.
After the month is over, don’t forget to be available and engaging! This could be as simple as holding office hours, or something as complicated as hosting a summit or conference. With whatever you choose to do, remember to talk about the things you’ve done and what you plan to do.
Unsure about what to do? Cloud Security Labs has paired up with a cybersecurity and branding company to offer white-glove service to set up your cybersecurity awareness campaign. Feel free to reach out to schedule an appointment.