Security awareness for IT gizmos

Introduction and scope

Gizmos (that is: portable IT, communications and entertainment devices such as cellphones, PDAs, USB memory sticks, GPS units, iPods and laptops) are far more than just boys’ toys. They are all around us. The convenience and flexibility of both purchase and deployment are substantial advantages, so much so that gizmos such as laptops and cellphones are edging out their more traditional fixed desk-based equivalents from many offices. 

Thanks to intense competition and tremendous innovation, gizmos are attractive, cheap and plentiful, and are fairly reliable as far as the electronics go. There’s a downside, however, as information security risks can undermine the personal and business benefits of gizmos. They are commonly involved in serious information security incidents. Easy-to-use evidently goes hand-in-hand with easy-to-lose.

The rate of incidents involving loss or theft of laptops and memory sticks shows no sign of abating, although a growing minority of organizations are at last using encryption. Most, however, remain oblivious to the issue until they hit the headlines for all the wrong reasons. For many, user awareness is the only effective means of controlling the problem.

Various other security incidents besides loss/theft of equipment involve gizmos. Read about security risks affecting teleworkers and mobile workers, PDA users, and of course their employers in the newsletter and other awareness materials. Today’s James Bond has a mind-boggling choice of subminiature surveillance equipment at his disposal, starting with the humble camera- and Bluetooth-enabled cellphone.

Content of the module

December’s NoticeBored materials are provided to customers as a 38Mb ZIP file containing all the awareness materials described below. Most are standard Microsoft Office files. Customers are welcome to add their own security awareness logos, edit the text or images, cut-and-paste content to or from other media (including Learning Management Systems and corporate intranets), alter the formatting to suit their corporate style guides and so forth, and of course to use the materials to enhance their awareness programs. 

The “awareness activities” document (item #25 below) has 5 pages of creative ideas on how to get the most out of the module and interact with employees (staff, managers and IT professionals) in ways that encourage learning and behavioral modifications. 

Awareness materials for all employees

1. Security awareness seminar: gizmos 15 PowerPoint slides with speaker notes

Attractive ‘camera ready’ presentation slides and decent speaker notes to facilitate awareness seminars.  Tell your employees about the security risks relating to the toys they might receive for Christmas.

2. Security awareness posters: gizmos 10 high-resolution images

Posters are a valuable part of a security awareness program, not sufficient by themselves but a means to promote broad awareness of the issues and lead-in to more explicit guidance. This month we are delivering six brand new awareness posters (thumbnails below - the original images provided to customers are approximately 3,500 x 5,000 pixels) as JPGs and recycling a further four PDF images to highlight the main points of the module and interest people in the remaining awareness materials.

3. Screensavers: gizmos PC screensavers x4

NoticeBored screensavers bring the graphical content of other awareness materials to employees’ screens in a rotating or random sequence. We provide three screensavers based on the seminar slides, plus one based on the new awareness poster images seen above.

[Customers, please contact us if you would like to customize the screensavers or create your own. We’ll tell you how to do it yourself, simply and for free.]

4. Security guideline: gizmos 2 page Word document

A brief overview of the subject, intended for general consumption by all employees.

5. Security guideline: secure teleworking 1 page Word document

Information security advice for those “working from home” or “road warriors” constantly on the move.

6. Security procedure: reporting gizmo incidents 1 page Word document

Gizmos are, by their very nature, more likely than fixed office equipment to suffer security incidents such as loss, theft, damage and even viruses, spyware and hacks as antivirus updates, patching etc. are frequently delayed or missed. This sheet explains the need to report gizmo incidents promptly, and includes a cut out and keep reminder card.

7. Case studies: gizmos 2 x 2 page Word documents

Discussion points and ‘model answers’ help facilitators lead classroom discussions, seminars or team meetings around typical gizmo security scenarios. Role-playing using these scenarios as scripts can really bring the topic to life and make the learning experience fun.

8. Top tips: gizmos 1 page Word document

We’ve condensed the module to ten top tips this month. 

9. Take home messages: gizmos 1 page Word document

We’ve made the information security messages as portable as the devices!

10. Crossword puzzle: gizmo security  2 page Word document

The blank crossword grid and clues are on one page, with the completed crossword on the next. If you remove the second page, this can be circulated or published on your intranet as an awareness competition for staff. Why not pick suitable prizes from the menu of suggestions provided in the induction module?

11. Security awareness survey form 1 page Word document

Use this form to gather basic metrics on your awareness program plus (just as importantly) improvement suggestions from employees. 

12. Awareness test: gizmos 1 page Word document

Do employees understand the key points about securing their IT gizmos? Test their recall and comprehension with these simple multiple-choice questions which can be integrated into your Learning Management System (LMS) if you wish.

13. Glossary of gizmo security terms 3 page Word document or 1 web page

An hyperlinked glossary of terms relating to IT gizmos, ideal for presentation on Information Security’s intranet Security Zone. 

14. Links to additional online resources on gizmo security 1 web page

Explore our managed collection of annotated hyperlinks to additional gizmo security resources on the Web.  We used many of these resources in our research to prepare the module. Customers are very welcome to download and republish our links collection on their corporate intranets if they wish but anyone can link to it!

Awareness materials for managers and executives

15. Mind-maps: gizmo security 4 Visio diagrams

Picture the key gizmo security issues in pictures. Mind-maps help us think through and develop the content whilst researching and preparing the NoticeBored materials. We use them to illustrate the presentations and various other awareness materials in the module, showing the topic in a structured and visually appealing way. Four mind-maps and diagrams (with multiple variations) are provided this month.

16. Board agenda: gizmos 1 page Word document

Would any self-respecting senior manager be seen out and about without the very latest smartphone or Blackberry? Judging by the number I hear conducting sensitive business loudly in public places, few of them appreciate the security issues these convenient gizmos cause! Security awareness in the board room works wonders in terms of achieving compliance throughout the organization.

17. Elevator pitch: gizmo security 1 page Word document

What would you say about gizmos if you met the CEO in the elevator? Whether you take this suggestion literally or just circulate the paper to the C-suite is entirely up to you, of course!

18. Model policy: securing portable IT devices 3 page Word document

An example/model policy for adaptation and use or benchmarking review of your existing policies. Contains two high level generic policy axioms supported by seven more detailed/specific policy statements.

19. Management seminar: securing gizmos 14 PowerPoint slides with speaker notes

Visually appealing presentation slides plus comprehensive speaker notes help gain middle management’s understanding and support for essential gizmo security controls.

20. Executive briefing: securing gizmos 1 page Word document

A succinct briefing explains the essential gizmo security issues, risks and controls for senior managers.

21. Management briefing: securing gizmos 3½ page Word document

A slightly more detailed disposition on securing gizmos for slightly less busy middle managers.

22. Management briefing: secure teleworking 1 page Word document

Managers can hardly bear to leave their responsibilities behind and frequently work while traveling, their laptops and cellphones making the mobile office a reality ... but do they even consider the security aspects?

23. Management briefing: gizmo security metrics 3 page Word document

Suggestions on how you might measure and hence systematically improve your organization’s gizmo security controls - ‘a few good security metrics’ to set managers thinking about what’s really important to the organization.

Awareness materials for IT professionals

24. The NoticeBored newsletter: gizmos 6 page Word/Acrobat PDF document

The monthly newsletter introduces and sets the scene for the remaining security awareness materials, providing background information on this month’s topic plus an overview of the associated risks. While the editable MS Word version is reserved for paying customers, the PDF version is emailed to everyone on our newsletter mailing list. Sign up for free!

25. Awareness activities for December 5 page Word document

Information security awareness program managers - start here! Pep-up your security awareness program with our creative internal communications ideas and awareness tips to keep your program rolling along nicely. We can’t stand up in front of your employees to deliver the awareness seminars, training courses etc. but we can make your job a bit easier, more productive and hopefully more fun. Spend your valuable time interacting with your colleagues and spreading the good word rather than hiding away in the back office researching and writing awareness materials.

26. Technical seminar: securing gizmos 5 PowerPoint slides with speaker notes

IT professionals love their IT toys! Most need prompting to consider the security aspects.

27. Technical briefing: gizmo security 7 page Word document

Analyze gizmo security threats, vulnerabilities, impacts and controls to help IT professionals understand the implications and react accordingly.

28. Internal Controls Questionnaire: gizmo security 6 page Word document

Assess your organization’s gizmo security controls using our audit-style checklist/work program. Do you have the full range of controls in place? Are they effective in practice? In short, are they adequate?

Module #67 contents listing

NoticeBored is for you, yes you!

If this brief outline of our latest awareness module intrigues you, why not contact us to evaluate NoticeBored? We’ll send you a month’s awareness materials, a complete module exactly as it was delivered to our customers, plus an evaluation license for you to try them out. There’s no commitment or charge to evaluate. Find out what makes NoticeBored different and discover what led ENISA to describe us as “best practice experts” in security awareness. We can even help you build a budget proposal for your own security awareness program. When finances are tight, remember that awareness is the most cost-effective form of security. A dollar spent on security awareness achieves much more than a dollar spent on security technologies such as firewalls, antivirus controls and suchlike. Alert, security-aware employees who appreciate the symptoms of security attacks or incidents and know how to respond are far less likely to succumb. Make security everyone’s business with NoticeBored.