Earlier this week we talked about the upcoming National Cyber Security Awareness month in October  and how to leverage it.  One idea I would like to add is the "Security Checkup Booth".  The idea is this.  Create a booth in a high traffic area of your organization, perhaps near the cafeteria, lobby or major entrance/exit point.  The booth is then staff by a member of your security team.  Any employee/staff member can then bring any device in to have it checked by the team, including security settings, see if their device infected, and ask security related questions.  I leave it to you to decide if you will check only work related devices, or also include personal ones, but you will most likely get far greater engagement if you review personal devices also.  I see some real win-wins here.
  1. You put a friendly face on your security team, people will have a better understanding of who you are and more likely will interact with security in the future, including asking questions or reporting incidents.
  2. Obviously device security will be improved as you and your team identify and correct mistakes.  However even more important you can use this opportunity to reinforce key behaviors, such as showing people how to update their device and the importance of always ensuring it is current.
  3. Metrics.  You can get a real feel for how secure your organization truly is.  Is there more BYOD (Bring Your Own Device) then you thought, what are the most common misconfiguration issues, what questions did your team get the most?
Have you ever tried anything like this, any lessons learned you can share?