August 18, 2009 at 3:18 pm #4133
I would like to undertake a user education program (obviously security related) for my company and I would like to know if anyone has either sent or received emails regarding email threats, spam etc… and thought “hey that’s a neat way of getting the point across”.
I know what the threats are and I know I can explain them to other technical people but I’m not so great at taking a technical issue and dumbing it down so the average user can understand and “get it”.
So can anyone suggest any resources or email templates I can use for ideas?
August 18, 2009 at 4:13 pm #26162 Don Donzal Keymaster
There are lots of good ideas, but there are 2 things you must get a handle on before proceeding:
1. Management Buy-In
2. Culture of the company
The first is the most important. Have you proven your case to them and have complete backing of management to proceed with such a plan? If you happen to call someone out regardless of standing in the company, will upper management ask you to let them slide or will they follow through with the predetermined reaction?
The second will dictate how creative you can get. Put up wanted posters with evil looking guys, have contests & give away an iPod every month for something a user does that is positive, be part of the monthly/weekly business meetings to call out those doing well and report on the success of the program… Make it fun, and people will go out of their way to participate.
Then you can turn it into a revenue generator by writing up reports for your sales/management teams that they can in turn take to their clients to show how secure an environment the entire company has. That makes them trust you more. I’ve even seen it close deals. But if you don’t communicate it to sales and management in just that way, they will always see it as a cost center.
Does that help? Or at least spark a conversation?
August 18, 2009 at 4:21 pm #26163
That does help Don. I do have management buy-in and I have volunteered for this task as I have a good handle on the threats and risks. It just so happens I’m not the best person in the world at explaining things to users in a way that they understand and won’t forget.
This education effort is going to be solely email based unfortunately so I need to make it as effective as possible.
August 19, 2009 at 5:48 am #26164 UNIX Participant
Besides the points mentioned already by Don, I would also try to add a lot of examples. People often will understand things much easier and faster when they can connect it with some examples they heard of. Further, when you can insert from time to time a nice anecdote it should loosen things up, also for yourself, if you are not very experienced with giving presentations.
Although I have an ambivalent view on sources such as Wikipedia, I would recommend it in order to get an overview on a particular topic. Many articles there are only explained on the surface and therefore passing the message without getting too much in-depth.
August 19, 2009 at 7:02 am #26165 dalepearson Participant
I would agree with all things posted, I would only add two things I have found to be of benefit in my experience.
Try to add some knowledge and benefit they can use outside of work. For example, you could discuss the importance of AV in the organisation etc, and also give some links to good free AV products they can use at home to improve the security there.
Another is, where possible give some real example demonstrations. For example for patching, you could give a quick demonstration of how a machine without a certain patch could be easily compromised, then also give a takeaway as to how to easily set up patching at home.
Awareness can be a challenge, but it’s something I think you can make enjoyable, and rewarding.
August 19, 2009 at 9:06 am #26166
Thanks guys, those suggestions help, particularly those suggestions regarding security both at home and at work.