Editor's Note: This month's guest blog post is from the team at HCSC (Health Care Service Corporation). I know of organizations that have hosted booth events where employees can bring their personal mobile devices to be reviewed and ask any security related questions they have. But I have never seen it taken to this level, I love how HCSC has made mobile device security such a personal, fun and engaging event.
In preparation for a Bring Your Own Device (BYOD) roll-out, our team held a "Mobile Device Clinic" for Cyber Security Awareness Month. Prior to the event, we passed out flyers letting employees know that we would be holding the clinic, and encouraging them to bring their personal mobile devices to the event for a "check-up". On the day of the event, our team and a few volunteers dressed in white lab coats and/or scrubs, with stethoscopes around our necks. We decorated the clinic to include things you'd find in a doctor's office (e.g. cotton swabs, cotton balls, tongue depressors, etc). These were all in glass jars with silver lids on our tables. Also, an EKG monitor that we created with a mobile device moving along the monitor in the same pattern that a heartbeat would.
We all had clip boards with customized prescription pads bearing our departmental logo as the signature and a check list of safeguards (such as "enable auto-lock", set pin/password, enable erase data function, and enable block pop-ups) that we checked off as we assisted each "patient" with implementing them. At the end of each check-up, we handed each patient a huge lollipop with our logo on the wrapper. Also, every thirty minutes, we performed a live demonstration on a large monitor on how to implement these safeguards on IPads and IPhones. This cut down some of the traffic from one on one demonstrations. We also, held a drawing for a free kindle.
So, did we have an impact? We do not know yet as the BYOD program is still being rolled out. However, we do know that this event generated a lot of interest. Given that the employees stopped by on a voluntary basis, having more than 1,000 attendees was considered to be a great success. Also, the Chief Information Security Officer (CISO), received so much positive feedback from his peers and other employees that he requested for us to hold the event in our Texas office as well. We had similar results there.