The other night while eating dinner, my wife and I were talking about the ALS Ice Bucket Challenge videos that have dominated the web recently. I mentioned one that I thought was particularly well done (if you are interested, I was referring to Dave Grohl from the Foo Fighters and his spoof of the film Carrie).
My wife said she did not get the point of this since it was not, in her opinion, doing anything to raise levels of awareness (and money) around the horrible disease ALS, also known as Lou Gehrig’s disease. I begged to differ with her on this one. In my mind, this was an interesting way of “thinking outside the box” to raise not only money, but also to draw the masses into having conversations about this disease while also encouraging them do more research into it. Now you may be asking yourself, “Where is this guy going with this and how does the ALS Ice Bucket Challenge relate to security awareness?” Let me explain…
I am part of the security team here at Rackspace, and we always have to find ways to engage the business and Rackers to make them “aware” of security issues and urge them to be part of the solution. Our security awareness program and everything associated with it needs to match our unique culture and the life-blood of the company – which typically involves thinking outside the box. We can’t have a normal “cookie-cutter” or “death-by-PowerPoint” type of awareness program, since it does not match our culture. Now don’t get me wrong, in some companies and environments that method does work and achieves the needs of the security team to raise levels of awareness. Regardless of the approach (formal versus informal), one of the by-products of our awareness program (and any awareness program) should be to engage our Rackers and spur them into having a conversation about the awareness training. For example, as I discussed in my last article, we actively phish our Rackers. We do a good job phishing our Rackers and educating them on the power of just one good phish. We have had some great conversations about this, and some other aspects of the awareness program at Rackspace with our Rackers (sometimes good, sometimes bad), but regardless, it sparked a conversation among Rackers! And that is something that is invaluable from an awareness perspective.
So how does the ALS Ice Bucket Challenge relate to our Security Awareness program at Rackspace? It’s simple; the Ice Bucket Challenge is an example of thinking outside the box to raise awareness of ALS, while Security Awareness represents the Rackspace security team thinking outside the box to raise awareness of security best practices. Both are using unique methods to raise awareness; and with Security Awareness you don’t get drenched in ice-cold water (unless for some odd reason you want to, of course).
Oh, and just for fun, here are some examples of Rackers around the world participating in the Ice Bucket Challenge:
Australia and New Zealand:
Belgium, Netherlands and Luxemburg: