First, you can't solve every security problem at once with what amounts to a PR campaign. You can't even come close, so what you must do is avoid the sickness known as scope/feature creep. What you are trying to do is pick two or three top issues, and educate the user community about those two or three issues. In our case, we went with phishing, laptop/mobile security basics, and locking your screen when you leave your computer. That does not mean discussing PGP vs. NTFS native encryption, or who has the better passphrase generators. Those are interesting, but weren't germane to our main focus, and so they didn't make the list.
Once you've decided on your subject matter, you have to decide how you're going to present it. This time around, instead of a standard PDF/PowerPoint snoozefest, we went with movies. This gave us a number of advantages. First, we could make it humorous. The folks making these kinds of decisions decided to spoof "Men in Black." So, there is now film of me dressed up à la Tommy Lee Jones and glacier glasses talking about various security issues. (No, it's not going on YouTube.) Humor, as many an educator will tell you, is a valuable teaching tool. It keeps your audience interested, and if they're interested in what you're doing, you're halfway there.
Using video also let us illustrate problems in ways that carry far more impact than simply talking about them. Sure, I can write up a nice paragraph on how easy it is to steal a laptop or smartphone. But that will never be as immediate as showing someone how a random person can grab your stuff and be out of the room in under ten seconds without running, or how they can sit across from you on an open wireless network and start playing traffic sniffer games. Seeing these issues in such a 'real' manner has a lot more impact than just talking about them.
The same applies to locking your screen when you leave your computer. Again, I can write pages of pithy prose on this, but 20 seconds of video showing you what can happen? Far more effective. Over the long term, we can put this up on a streaming server (QuickTime of course, we already have two for free via Mac OS X Server), and on DVD to become part of new employee orientation. So not only do we make "Security Awareness Month" a bit less tedious, we can guarantee that new hires are getting the same message.