Facebook’s “Hacktober” tests employees’ security awareness
Since 2004, October has been dubbed “National Cyber Security Awareness Month,” and many security-minded individuals, businesses and organizations make it a point to mark it.
For the second time in a row, Facebook has celebrated “Hacktober” by testing their own employees with simulated attacks and threats.
“Webinars don’t exactly fit in well here, so we wanted to do something unique in line with our hacking culture to teach employees about cyber-security. We took the theme of October, fear, and pranks, and created something that is both fun and educational,” Facebook Security Director Ryan McGeehan shared with Mashable.
The threats were designed by Facebook’s own engineering team, and “set loose” throughout the month. They consisted of scenarios that the employees may and will surely encounter on their current job.
For example, they launched a worm to simulate some of the spam campaigns seen on Facebook and other sites, and waited for the employee’s response.
“Within minutes, we were overwhelmed with reports from employees and it was a wild success, McGeehan says.
Users who reported the threats were rewarded with Facebook-themed swag (T-shirts, stickers and bandannas), while those who failed to spot them can look forward to additional security training.
“People don’t always lock their doors until they have been robbed,” points out McGeehan. “It’s easy for cyber security awareness month to go by like a trip to the dentist, so we wanted to do something with an impact and not have the security team talk down with tips to the rest of the staff.”