Nearly every day we hear about another cyber attack on a company or the leak of massive amounts of sensitive data. Most of us are aware of the cyber dangers facing individuals and companies, but most employees don’t realize the important role they play. Employees are the true first line of defense in keeping a company’s data and IT infrastructure secure.
Raising awareness of security risks and how these risks could cause an issue with the information and/or network security is a valuable investment for any company’s cyber security program. For this reason, XL Group’s Information Risk Management (IRM) Department conducts security awareness campaigns in various forms including videos, posters, email campaigns, blogs and online training modules.
The challenge, however, is how do you grab your colleagues’ attention so that you can pass on some helpful information - information that not only helps us protect XL Group’s information but theirs as well. Like everyone in today’s connected world, our colleagues are inundated with messages, heavy workloads, various business initiatives, emails and meetings.
In order to get our message across we needed to capture their attention because we have to enlist them in the ongoing battle against cyber threats.
A Little Encouragement
For 2014, we decided to make our message both professional and personal. That meant we needed to provide information that would resonant both in the corporate environment and with their own personal data.
Next we considered how to roll out the campaign. A competition seems to get noticed. We looked at competitive opportunities between regions, business segment and office locations. This type of competition, however, didn’t seem to fully embrace the cultural attributes that defines XL: responsibility, passion for excellence, integrity and efficiency.
Rather, we wanted everyone to work toward a common goal. To that end, we decided to ask our employees to accept a challenge on behalf of a charity. Appealing to their sense of social responsibility, we asked them to watch an educational security video and in turn, for every view of the video, we offered a $1 donation to charity.
Given that hacking and breaches affects companies as well as individuals, we were confident that once our colleagues realized the lessons would benefit them both in the office and at home, they would be more receptive to viewing a series of videos.
Choosing a Charity
Our next step was to choose a charity whose work would appeal to our colleagues globally. After all, we still needed them to commit a few minutes out of their busy schedules to view a short video with very helpful messages about information security.
Because we are a global organization, it was important to find a charity that would resonate with our colleagues in more than 20 different countries. After considerable discussion, our team picked Médecins Sans Frontières (MSF) which worldwide is more commonly known as Doctors Without Borders. MSF is an international medical humanitarian organization providing aid in nearly 70 countries, to people whose survival is threatened by violence, neglect or catastrophe, primarily due to armed conflict, epidemics, malnutrition, and exclusion from health care or natural disaster.
“One Minute, One Click, One Dollar”
We created a series of seven educational videos around protecting XL, its data, mobile devices and personal data. Topics included spear phishing, phone phishing, bot nets and social media threats. Most of the videos were less than one minute in length. They were introduced monthly through emails and blogs.
For each video that a colleague watched, the IRM team committed to contributing $1 to “Doctors Without Borders”. The goal was to have the videos watched by XL colleagues 10,000 times thus raising $10,000 for “Doctors Without Borders”.
In the end, this series of videos generated the largest volume of statistics related to any one initiative at XL. Most importantly, we were able to engage our 4,500 XL Group colleagues worldwide in protecting XL Group’s information and their personal information while donating to a worthwhile and notable charity. We’re confident that our colleagues learned something about information security threats and spread the word to friends and family. Equally important, our colleagues are more aware of suspicious activity that could jeopardize corporate information and network security. We have more help in protecting valuable information.
Getting security awareness messages across can be challenging for any business. Appealing to our colleagues’ strong sense of social responsibility with our pledge to help a global charity was a highly successful combination. It’s a combination that many businesses can replicate to help their colleagues learn more about online security that will help boost their own cyber risk management efforts.
About the Authors. . .
Thomas Dunbar is the Chief Information Risk Officer for XL Group Ltd. Dave Cameron is VP, Information Security and Todd Spano is an information security specialist on XL Group’s Information Risk Management team. Tom, Dave and Todd and their teams are responsible for XL Group’s overall Information Risk Management program, including the company’s information risk and security strategies, tactics, planning, governance, architecture and operations.
