Cyberspace::UK opinion on this.
Recently, Facebook announced privacy pop-up cafe’s across the UK; reported around the UK media on:
and other reputable sites etc.
The move by Facebook to reach out to users in coffee shops is as effective as arranging voluntary drop-in sessions in the generic workplace environment. Unless you are frogmarching people into those sessions, even if you do buy them a coffee, then you are wasting your time on something that seems little more than a publicity stunt for Facebook given their dire privacy record.
Why? The people who will engage with you in those sessions are already positively engaged with security and may like to learn more or have concerns they’d like to address. And that’s a great thing. Bravo. But would this be good enough as a single course of action?
The answer is no. In our experience, in your workplace, it’s those that are too busy or don’t see how it affects them or too important to attend that you need to address. It will take an awful lot more than a free cup of coffee in only specific, destination locations.
Some may say, well, so what? They are busy, and they are essential. I’d agree. They are very busy people and necessary to the business, which is why they are a more significant risk that needs mitigating.
It’s always a challenge to ensure Security Awareness is spread across an organisation as efficiently or as widely as possible and yes, you must try all sorts of strategies. But for an organisation like Facebook to opt for a few coffee shop pop-ups? They need to do that as a prolonged tactic alongside several strategies.
Others would say, well, at least they are doing something, and part of me agrees. It would seem any progress is good progress and the recent push towards clarifying privacy settings is also a “good thing”, but Security Awareness is a little like painting the Forth Bridge. It’s never quite finished.
But how would you address Information Security and the crossover with Social Media in your organisation? Would you be tempted to copy FaceBook and hold a few lunch and learn sessions? Or would you recognise that you need to do more?
You’ll have a multitude of communication channels if your a medium to large organisation and access to some teams to organise content. The smaller ones would have the advantage of agility. But the question is, are you addressing the privacy and security issues that matter? Are your employee’s security-aware, especially when it comes to Social Media? Are you reaching everyone with the right messages?
We’d be happy to discuss this matter further in private consultation if you like or if you’d prefer, we can invite you to our new podcast launching soon. Just say something in comments or reach out using Social Media or our contact form.