HackDig : Dig high-quality web security articles for hackers

Lessons from a security awareness campaign

2015-03-13 01:10
Lessons from a security awareness campaign

We have recently had a campaign, in British Columbia, to promote information and awareness about computer security and privacy.  While this is not a full post-mortem of the event, here are some observations.

Money, in the form of sponsorships from companies, is available.  We had no problem in raising funds, with some being donations in kind, and have a surplus that we can use to build the event next year, and possibly related events at other times.  With an identifiable campaign companies are willing to donate.  Security awareness is reasonably popular, as long as companies don’t have to do it themselves.  Sponsorship “rights” chould be clearly identified, and sponsors should be mentioned on signage, the Website and advertising.  Thanking a whole host of sponsors at each and every event is probably overkill: reaction to that at some of the events was a bit negative.  (Perhaps that could be a differentiation between some of the sponsorship levels.)

A substantial proportion of the funds raised should be used for advertising.  Some advertising can be obtained at minimal cost: many radio stations, and increasing numbers of local TV channels, have listings of community events.  Newspapers, particularly local papers, do as well.  All members should be encouraged to contact their local media and find out the contacts and rules for such listings.  Most papers will have a technology section or reporter, and a security awareness campaign with free events is a pretty easy column to write.  Make sure to contact such journalists early, and definitely get them a list of events, topics, and speakers a week before the events start.  (Limit the number of contacts you make to this person: don’t make them collect information in drips and drabs.  That will not make you popular, and won’t get you good press.)  Also contact local business periodicals.

Do not initially rely solely on social media.  Using social media you are primarily speaking to people you already know.  The objective is to find people you don’t normally contact, hence the need for general advertising.  The advertising campaign can mention a Website or social media link, and additional details can be provided there.  Over the years, more people will start looking to the social media activity.

Think long term.  It is unlikely that the campaign will be an instant success.  This same campaign last year disappeared almost without a trace.  Interest and awareness will grow year over year.

Follow up, particuarly with local media.  Contact journalists who have helped you, and let them know results, particularly numbers of attendees.  A story that an event has happened will remind people to look for it next year.

As part of the sponsorship campaign, find venues.  Asking speakers to find their own venues is unlikely to succeed.  It is much easier to find people wiling to give a presentation, than to find rooms to house them.

If you are having trouble finding speakers, expand beyond your own group.  Different groups have different cultures.  If your group primarily focusses on business issues, your members are likely to be somewhat conservative, and therefore possibly shy about addressing the general public in regard to general security issues.  A more technically oriented group will likely have people who are, at least, excited and willing to talk about technical security.  They may not be the best speakers in the world, but remember, the aim is awareness.  It is likely that somebody will get something out of the talk.

College and university students are both a target audience and a resource.  Do not simply contact an institution and expect them to set up an event.  Remember that students spend all day sitting and listening to lectures.  Engage the students (and instructors, if possible).  Students are active, have lots of ideas, and want to do something real.  Get them involved with the mechanics of the campaign.  You will get much larger attendance at campus events if some of the students have been working on the campaign, and talking it up among their friends.  If they are studying security or technical fields, they will also have ideas about presentations or demonstrations.  Use them.  (Using students also helps them: they build valuable contacts while helping with the campaign.)

Consider multiple audiences.  Have different events, within your campaign, aimed at business, home users, seniors, parents and kids, schools and teachers, and general social media users.  Consider different topics, presentation levels, and locations and venues.

Involve schools, libraries, churches, and other social institutions, and not just by asking them for space.  (Recreation centres tend to be overwhelmed with requests, so they are not a good bet.)  Try and find out their concerns in regard to security, and see if those can be specifically addressed.  These institutions have social contacts of their own, and will expand awareness of your campaign considerably.

Source: /ngiapmac-ssenerawa-ytiruces-a-morf-snossel/30/5102/ku.oc.ytirucesti

Read:3178 | Comments:0 | Tags:Expert Views Rob Slade Security Social Media

“Lessons from a security awareness campaign”0 Comments

Submit A Comment



Blog :

Verification Code:


Tag Cloud