Today is Friday the thirteenth, a classic opportunity to do something special as part of the security awareness program. How about organizing a fancy dress day with a parade, award ceremony and after-hours social event?
The horror movie theme is obvious, perhaps too obvious ... but it's not hard to think of variants, ranging from the very simplest "Wear black or blood red" through "Dig out your best Halloween costumes" to "Audition to be a horror movie extra". You might give it more of an information risk and security spin by circulating stuff about malware, scams/frauds and nasty incidents, or not: a more subtle association might be good enough, a way to lighten-up a bit.
I appreciate it's far too late now to organize anything special for today but if you are keen, there are lots more awareness opportunities coming up throughout the year:
- May 25th, GDPR implementation deadline, an obvious candidate for a privacy day (we're already on to that one!);
- Other Friday thirteenths (the next is in July, then none until 2019) and Halloween (the last day of October, on a Wednesday this year);
- Black Friday when everybody allegedly goes mad, doing their shopping online in the run-up to Christmas and Thanksgiving. Possible awareness topics are online/Internet security, identification and authentication, performance and availability, business continuity ...
- Minefield Monday, Super Tuesday, Wonderful Wednesday, Thunderous Thursday, Farcical Friday or whatever: nothing stops you inventing a special themed day (or a week or more) and running activities on some awareness topic that needs a boost. If it is not a public event, though, you and your team will have to do all the publicity yourselves;
- Turn a specific awareness topic into a themed event - a backup day, maybe, or patch Tuesday, or ... well hopefully you get the idea;
- April Fool's Day - how about focusing on social engineering or fraud?
- Hook in with special events such as "tax day", "world safety day", new year's day, election day and the like, finding and exploiting the information risk and security angles, perhaps in conjunction with colleagues from Health and Safety, Facilities, Finance, Risk Management, Legal/Compliance etc.
If none of these ideas grabs your imagination, perhaps your colleagues can come up with something better. Turn that into a challenge if you like, opening it up to the workforce to get creative and suggest an information security themed day, event or activity.