For something a bit different, have you thought about running a roadshow, tradeshow or conference-style display/event as part of your security awareness program? "All it takes" is:
- The creative ideas and enthusiasm to intrigue and garner management support. Don't underestimate this element! The 'man cave' is but one random example of a style/design theme you might adopt. For a significant event, it's worth drafting a proposal and project plan detailing the resources, timing, location/s and most of all the purpose of the roadshow e.g. which information security awareness topic/s will be covered and why? What are the learning objectives and/or key messages you want to put across?;
- A few mobile display panels (perhaps borrowed from Sales and Marketing) for your posters and other materials ...;
- Some posters and other display materials. We find that mind maps and metrics, for example, tend to intrigue and draw people in to the stand; the awareness briefings, case studies, puzzles etc. coupled with your corporate security policies, standards etc. make decent handouts;
- A table and/or magazine rack/s to distribute awareness materials and trinkets;
- One or more prizes for security quizzes/competitions to run concurrently with the roadshow, maybe locked in a display case or photographed for the stand along with the challenge (for inspiration, think about the promotions you often see on trade stands ranging from the basic “Give us your business card to enter a free prize draw …” to “Pick this padlock faster than anyone else to win the prize …”;
- Optionally, set up a PC and screen to show rolling slideshows and perhaps a demo of Information Security’s intranet Security Zone (whether offline or online) – but don’t neglect physical security if the stand is ever unattended!;
- Ideally, organize seminars, workshops or training sessions as part of the event (perhaps one per lunchtime over the course of a week so everyone has the chance to participate);
- Notepaper or cards to record queries from punters that can't be satisfied at the time: keep these safe and actually follow-up promptly after the event, since inviting inquiries suggests you will respond;
- Someone to set up and take down the stand, and hopefully someone with an information security background to man the stand and field questions, at least during busy periods (if they cannot be there full-time, it helps to put up a note saying when the stand will next be manned);
- Permission to set up the display in, say, the reception area, executive suite, staff restaurant or similar;
- Some pre-show promotional emails, flyers or tickets inviting them to visit the stand.
Don’t forget to take photographs of the stand in use, with people taking an interest, to demonstrate its effectiveness to management and/or to use in your publicity materials the next time you run the roadshow. Consider an informative write-up for your company magazine and the Security Zone, perhaps quoting feedback comments from those who attended this time.
To extract even more value from the investment, you might turn this into a permanent unattended display in a glass case in, say, Reception or the staff restaurant. The trick to keeping permanent displays engaging is to focus on specific issues and items (such as your monthly security awareness topics), changing the content before it becomes stale and boring. For further clues about making it eye-catching, look at the end-of-aisle or sale counter displays in shops, browse any trade show and speak to your esteemed colleagues in Marketing. For bonus marks, make the static display animated and interactive with a touch screen. If you think creatively, it's really not hard to drag your security awareness program kicking and screaming out of the Dark Ages.
More ideas along these lines to follow when inspiration coincides with a free moment ... Meanwhile, what ideas along these lines have you tried?
