Humor can Combat Security Ignorance and Apathy

US Bank CISO ditches the negativity and creates positive security messages


I'm sure every security executive out there knows of at least a few people in their organization who are just plain terrible at protecting themselves – they fall for phishing scams and give out personal tidbits like moms giving out candy on Halloween. They are either ignorant of the risks and the security procedures to mitigate them, or they just don't care.

 

For many, the way to deal with these people from a security standpoint was through fear. You would probably be thinking something along the lines of, "we will scare them into protecting themselves by showing them all the bad things that can happen."

 

The CISO at U.S. Bank has taken a different approach to informing his "security constituents" – ie., regular banking customers – about adding basic security practices to their online experience. Greg Wood is tossing out the fear and turning instead to humor with targeted videos intended to both entertain and inform about – in this case – banking security best practices and procedures.

 

"These videos are a different way for us to share an important security message with the public," Wood said in a statement. "Consumers regularly see traditional, fear-based messages about their personal data. This awareness campaign takes a different approach, with lighthearted, simple and memorable messages inviting our viewers to think about how they share their information online and encouraging them to adopt important basic security practices."

 

The lighthearted approach takes the form of "Tami, the chronic oversharer." Tami's videos cover things like: going on a first date, seeing a psychic, and of course making sure you have a firewall set up, and creating a unique password that you only use for banking, shredding personal documents...the list goes on.

 

Here's a link to the Tami videos to give you the idea. While this stuff isn't Earth-shattering, it could certainly give you, as physical and IT security executives, insight into positive and humorous ways to attack the problem of apathy and ignorance of security programs and procedures in your organization and help get the word out.