2. Do you feel your organization has already spent so much energy on
Cyber Security, yet results are just getting worse? Perhaps your IT
department has sent out dozens of communications and even required
a painful security awareness video. Somehow employees are still falling
prey to social engineering, especially document-sharing phishing. If this
sounds familiar, the simple answer is: ask your Marketing department
for help.
3. Full disclosure here: there is no silver bullet to fix every aspect of Cyber
Security. It requires time, money and a plan to address real technical
challenges that criminals can easily exploit.
However, if you ask your average technology professional, it’s not the
network security, server patching or some other highly technical
activity that frustrates them. The number one challenge technology
professionals will admit to is dealing with end users, otherwise known
as employees.
4. If this sounds familiar, then my recommendation is to ask your
marketing department for help. If you’re a technology professional, you
could coordinate with your marketing department and run an
awareness campaign. By starting out with a simple (yet effective)
awareness campaign you will make a difference in one of the greatest
risks your organization’s brand is facing. This is as much a marketing
risk as it is a technology one.
If you’re a leader of a functional area, you should pull your IT and
Marketing leaders together and ask that they drive this campaign for
your area first as a pilot and then, if successful, roll the campaign out to
the rest of the organization.
5. Here are 7 critical components to an effective Cyber Security marketing
campaign:
1. Identify and focus on the most critical Cyber Security threat. For
most organizations, this will be phishing.
2. Don’t assume your employees know terms like phishing, know how
to hover over links, understand how to identify spoofing or know
any other common security vernacular.
3. Explain beyond the basics of the risk by focusing on the
behavior(s) you want them to adopt.
6. 4. As the saying goes, “A picture is worth a thousand words”. Show
real-life examples of phishing and what not to click on in websites,
emails, etc. Create posters and other visual communications to
hang throughout your company/organization and reinforce your
message.
5. Maximize your message by sending communications through more
than one channel. Have your technology manager explain the
seriousness of the threat to employees. Soon after, send specific
instructions from your Help Desk on what employees need to look
for and how they need to respond. At that time, ask each
department to reinforce the Help Desk communications by adding a
personal story.
7. 6. After communicating, test the effectiveness of the campaign by
using a phishing simulator such as Threatsim/Wombat, SecurityIQ,
or your Marketing tool to gather read rates and clicks on suspicious
emails.
7. Publish the results by department. This final step creates a
gamification or cadence of accountability that truly starts to change
behaviors. No department wants to be at the bottom of the list.
8. By following these 7 keys to success, you can transform a stagnant
security awareness program into a clear, engaging and fun program.
Repeat steps 4 through 7 until your organization completely addresses
the most critical area or reduces the risk to an acceptable level.
To increase the fun factor, turn the reporting into a contest with a
simple prize such as a gift card, YETI Cooler or team lunch!
9. Atlanta Office:
1056 Moreland Industrial Boulevard
Atlanta, GA 30316
P: 404-622-5000
sales@mckenneys.com
www.mckenneys.com
Charlotte Office:
3601 Performance Road
Charlotte, North Carolina 28214
P: 704-357-1200