Thank you to Joanne Kiley, ILTA staff, for pulling this blog post together to use as a resource.
Though we have another six months to prepare for National Security Awareness Month (October), we know security awareness training should be a constant in our organizations.
ILTA members recently shared how they engage staff and attorneys in continuing education on security awareness. Read their tactics for inspiration.
One firm ordered fortune cookies filled with “fortunes” security awareness tips and facts. This firm also announced a phishing campaign, placed Swedish Fish in bowls around the office and posted signs saying “Don’t Get Hooked!” As the phishing simulations began, the security team placed more Swedish Fish around the office as a friendly reminder to read emails carefully before clicking.
Tip: Here are two custom fortune cookie companies, Fancy Fortune Cookies and Fortune Cookie Factory, but please shop for the best deal.
A firm bought a home security webcam and locked it in a file box with a big padlock. IT used scrolls listing data privacy items under all employees of the firm’s responsibility. Each scroll had a paper cut-out of a numbered key attached to it. Before the contest began, the IT team randomly selected a specific key number to “unlock” the padlock on the webcam. IT invited employees to take a scroll and key to study the data privacy responsibilities. IT then quizzed employees individually asking the employee to identify 3 data privacy items listed on their scroll. If correct, the employee claimed a “key.” At the end of the day, IT announced the winning key number. The employee with this number won the home security webcam. To offer second and third place prizes, write names on the back of the keys. The ILTA member in charge of this campaign shared, “Our firm culture and size is conducive to this type of thing, but I find that the more creative I am with my campaigns, the more they pay attention.”
Tip: Here are Security Cameras at Staples and Security Cameras at Office Depot but please shop for the best deal.
We all need a Post-It now and then, just don’t write your password on it. One firm bought customized sticky notes with the firm logo and “DO NOT WRITE YOUR PASSWORD HERE” across the top. You could even use sticky notes in the shape of a padlock.
Tip: Here are Custom Sticky Notes at 4imprint.com and Printpps.com but please shop for the best deal. Looking for the customized padlock sticky note? Here’s one resource from imprintitems.com.
Consider buying mouse pads for all work stations with the firm logo and a marketing catchphrase to encourage attendance at training or offer a security awareness reminder.
Do you need to develop an incentivized continuing education program in your firm? One member gave you all the tools you need. To view the full documentation visit the Computer Sec Giveaway thread in the Server Operations and Security Community. Here’s a quick synopsis. All employees take a learning module on Windows 10. After completion they receive a firm branded insulated (hot or cold) tumbler and are invited to continue to take 3-5 minute courses via the firm’s LMS. Each course earns the employee a point. The training team tallies the points monthly for a monthly prize giveaway from a catalog of prizes ranging from 2 to 85 points. No points can roll over to the next month to encourage continued participation in the program.
Looking for more ideas? ILTA volunteers compiled security awareness materials and shared a security awareness poster and sample security awareness newsletters in the LegalSEC Community. Also peruse the Department of Homeland Security’s cybersecurity toolkit for ideas.
Add your great ideas in the comments section to make this a living document.#Training