Creating a "Cyber-Mindful" Campus Community: Responding to the Growing Threats of Social Engineering
By Thomas Skill, Associate Provost and CIO, University of Dayton
This new reality demands that we develop and deliver more powerful cybersecurity education programs that are engaging, sustainable and continuous. Toward this goal, our team at The University of Dayton Center for Cybersecurity and Data Intelligence has pioneered an engagement model called "Cyber-Mindfulness." This approach emphasizes three critical elements that significantly enhance the responsiveness of our stakeholders: Awareness, Agency and Action.
Most cybersecurity training programs begin and end with awareness. It goes something like this: information is provided about personal and professional cyber risks, a few horror stories are shared regarding mistakes people have made, and the session concludes with a list of things to avoid. In some cases, attendees complete a quiz and the results are logged for HR tracking purposes. This “one and done” model is great for avoiding liability when a breach happens, but the evidence suggests that it is generally ineffective in helping organizations avoid most social engineering exploits.
Our Cyber-Mindfulness model engages stakeholders in continuous learning about exploits and threats.
Identifying ‘doable actions’ that users can practice and achieve on their own is critical to a successful cybersecurity program.
Translating the concepts of Cyber-Mindfulness into effective engagement tactics requires that we approach cybersecurity as a marketing communications challenge. With that in mind, we must build and sustain a trusted relationship with our user communities. Here are six engagement strategies for establishing a cyber-mindful user community:
1. Invite users into the cybersecurity educational program with friendly messaging: an absence of IT jargon and the “arrogance of expertise.”
2. Appeal to both personal and work-related cybersecurity needs. Helping users better secure their personal information assets will strengthen trust.
3. Stop “shaming and blaming” users for mistakes. Instead, recognize and reward all efforts by users to engage with IT around security issues.
4. Share frequent communications with your stakeholders that blend serious and humorous information on good practices, effective behaviors and emerging threats. Games and prizes are great ways to keep folks thinking about cybersecurity.
5. Phish your stakeholders at least monthly, but not as a “gotcha” program. Frame this activity as our exercise for getting and staying in shape so that we can beat the bad guys. Also, be sure to report back to the community on what the “tells” were and how your team is performing.
6. Train your IT staff on how to be “user friendly” with your stakeholders. Welcoming “false positives” and encouraging users to engage early and often with your IT service team is critical to long-term success.
Cyber-mindfulness seeks to build awareness, shape attitudes and impact behaviors in significant and measurable ways. Empowering users with useful information, a sense of shared responsibility and frequent opportunities to practice their cyber-defense skills will greatly assist organizations in shifting the role of users from victim to early alert agent. The goal is not to make our stakeholders into cybersecurity experts but rather to create a culture of shared responsibility around the protection of our information assets, and it all begins with cyber-mindfulness.