Beneath the awe of the Northern lights,
Elves craft away during long polar nights.
Security responsibility lies with all in the wonderland,
Aiming to identify, monitor and control data at hand.
How could Santa encourage a cyber security culture within his magical workshop? How could this culture help you? The purpose of this article is for you, my loyal readers, to extract ideas to incorporate into your own company’s culture, if you wish.
Welcome to part 5, of “How Santa’s Cyber Security Culture Can Work For You!” In Part 1, I refer to cyber attacks and the overall aim of Santa’s security awareness and training programme. Part 2 defines some of the key security roles, which will need to be taken on by Santa’s little helpers. Part 3 discusses elements for assessing training & awareness. Part 4 points out important communication channels. Part 5 outlines the campaign phase for Santa’s workshop.
Building a best-practice cyber security campaign will involve project management to integrate with the workshop’s own in-house systems, ensuring cyber security training campaigns are delivered on time and within budget.
Santa may use experienced cyber security training specialists to undertake the multi-channel communications described in Part 4.
The campaign phase will have a significant impact upon the little helpers. Measuring its effect upon them during delivery will enable the helpers to fine-tune the campaign and ensure optimal impact across the workshop. The following is an example communication plan, which can be created between Santa and the Snowman:
December 2018
Planned Topics:
- Overview of security: “Golden Rules”
- Christmas topic: Risks during the busy season
- Identity theft
- Social engineering
- Spam and phishing attacks
Planned Multi-Channel Communication:
- Intranet article
- Intranet cartoon
- Training & Awareness assessment
Security Team Action:
- Support Training & Awareness assessment
- Review of its results with Santa and the Snowman
- Preparation of intranet content
January to February 2019
Planned Topics:
- Re-launch of the campaign
- Information security responsibilities
- Responsibilities of the little helpers
Planned Multi-Channel Communication:
- Update intranet content (including blogs)
- Supporting Santa statement (video)
- Intranet article
- Intranet cartoon
Security Team Action:
- Preparation of intranet content
March to April 2019
Planned Topics:
- Data categorisation
- Data handling/data categorisation
- Clear desk policy
Planned multi-channel communication:
- Quick guide “Golden Rules of Information Security”
- Intranet article
- Intranet cartoon
- Newsletter/blog
- Security card games
Security Team Action:
- Preparation of intranet content
- Organisation of the quick guide and security games
May to June 2019
Planned Topics:
- Use of email/internet/forums/social networks
- Social engineering
- Spam/phishing attacks
- Malicious content
Planned Multi-Channel Communication:
- Intranet article
- Intranet cartoon
- Newsletter/blog
- Roll-out/roll-up
- Banner/posters
Security Team Action:
- Preparation of intranet content
- Positioning/dispatch/transfer of the banner/posters
July to August 2019
Planned Topics:
- Security whilst travelling around Lapland
- Use of screen filtering
- How to handle data theft/loss
Planned Multi-Channel Communication:
- Intranet article
- Intranet cartoon
- Newsletter/blog
Security Team Action:
- Preparation of intranet content
September to October 2019
Planned Topics:
- Little helper ID cards
- Unauthorised access
- Awareness of unauthorised little helpers
- Securing devices when absent
Planned Multi-Channel Communication:
- Intranet article
- Intranet cartoon
- Newsletter/blog
- Roll-out/roll-up
- Banner/posters
Security Team Action:
- Preparation of intranet content
- Positioning/dispatch/transfer of the banner/posters
November to December 2019
Planned Topics:
- Christmas topic: Risks during the busy season
- Identity theft
- Social engineering
- Spam and Phishing attacks
Planned Multi-Channel Communication:
- Intranet article
- Intranet cartoon
- Newsletter/blog
Security Team Action:
- Support Training & Awareness assessment
- Review of its results with Santa and the Snowman
- Preparation of intranet content
For the sixth and final part of the series, the information will be published shortly.