Think Like a Marketer
Several presenters touched on the idea of making cybersecurity training programs and awareness activities more interesting with the use of internal video ads, humorous posters, giveaways, and more. They mentioned the importance of getting people engaged, and they suggesting tapping into marketing and communications resources, as that is their wheelhouse.
By using engaging pieces of awareness content, you can draw end users in and start people talking (and thinking). Then other related activities don't feel like so much of a chore. As we've noted in the past, security awareness and training programs do not have to be a snooze fest.
Know Your Audience
This is, in some ways, an extension of the last two points, but it goes beyond thinking of your end users. You should certainly make efforts to resonate with your employees, but you also need to speak the language of the other stakeholders in your organization. When presenting to your executive team, focus on the types of information that will be meaningful to them (hint: think business impact). And think about the clock and the calendar; you're less likely to have success when teams are in end-of-quarter crunch, for example, or if they are trying to wrap up for the day.
As one of our speakers noted, "The presentation of the data is as important as the data itself. If you want to be successful, you need to think about having your message presented by the right person at the right time."
Be on the Lookout for Social Engineering
This piece of advice is based on something we ourselves experienced in our preparations for the start of the Wombat Wisdom Conference, and it's something we felt strongly about sharing with you. We actually had an imposter register for our event. This was someone affiliated with a competitor, and she used a false name and even tried to mask her ties with this company by deleting information from social media profiles.
Thankfully, we were on the lookout for something like this, and we caught it well in advance of the start of our event. But it's worth noting the lengths this individual went to in an effort to gain inside access to the customers and prospects who would be attending our event, as well as the information and advice our presenters would be sharing.
Though the idea of imposters, cyber espionage, and "infiltrators" might seem far-fetched from where you're sitting, it's critical that you be on alert for the potential machinations of competitors and cyber criminals, particularly if you are hosting or sharing IP with customers and prospects in a semi-public venue.