Branding infosec: Why security should consider its own internal advertising campaign
If you want coworkers to support security, the first thing Nick Hilderman suggests is a positive attitude. “Security is often focusing on the negative aspects of things — on what could happen, the fear, uncertainty and doubt,” he says. Hilderman is senior security analyst at Finning International, a Canada-based distributor of Caterpillar equipment that is two years into an infosec advertising campaign. This campaign doesn’t market to customers. It’s an internal push to help Finning’s non-tech employees understand how important cybersecurity is.
Finning has long educated employees in security best practices. Before 2016, that education focused heavily on phishing — and was ineffective: Employees clicked through at above-average rates.