Previously, I wrote about the high cost of poor security: One study found that the average data breach cost $3.8 million, and that 43% of companies had experienced such a breach.
That’s why businesses are getting more serious about information security education, even if that means taking a less conventional approach.
How unconventional? The Computer Security Division of the National Institute of Standards and Technology recommends frisbees, greeting cards, and, yes, even mugs, all sharing security tips and reminders. (They also recommend the promotional slogan “SEC_RITY is not complete without U!” – we could have done without.)
The NIST also recommends a variety of security awareness posters, some of which are free to download and print, such as those offered by West Virginia University.
These strategies, giving users something tangible to remind them about security, are increasingly important as devices move beyond your own perimeter, which is happening with almost every business.
And sometimes a security reminder can be both fun and practical. The Electronic Frontier Foundation, for example, started inserting removable web camera covers in its sticker pack, letting supporters both promote and protect at the same time.
While these kinds of tactics might seem a bit goofy, they’re a good way to stand out with users who easily get tunnel vision to the normal security messaging ploys. And something that users take home with them — or on the road — is a way of reminding them of that security is a team sport, whether or not you’re on home field.
It also pays for IT professionals to remember, when rolling out a security education program, that it’s not just inexperienced or less savvy computer users you need to educate: A 2013 study found that it was actually the technically sophisticated computer users that were most at risk for downloading malware.
Think of educational tools like stickers, posters, and mugs as one part of a security inoculation strategy, helping you ward off threats you might not even be aware of and helping arm employees with the ability to keep your secrets safe, even against risks you don’t know you face. For an idea of how vast those risks are, Veritas did a study this year looking at where corporate data resides: Turns out, according to the company, 54% of data resides outside of properly vetted and managed databases, meaning most companies not only don’t know what they don’t know, but they don’t even really know what they do know.
Time to start designing some coffee mugs.
Underwritten by HP Inc. and Microsoft.