The European Union Agency for Cybersecurity (ENISA) has made available Awareness Raising in a Box (AR-in-a-BOX), a “do it yourself” toolbox to help organizations in their quest to create and implement a custom security awareness raising program.
The package includes:
- A guideline on how to build an internal cyber-awareness raising program tailored to employees’ needs
- A guideline on creating an awareness campaign targeted at external stakeholders
- A how-to guide on how to select the appropriate tools and channels to best reach the target audience and tips for effective communication in social media
- Instructions on selecting the right metrics and developing key performance indicators (KPIs) to evaluate the effectiveness of a program or campaign
- A guide for the development of a communication strategy
- An awareness raising game, in different versions and styles, for a generic audience and for an audience in the energy sector. It also comes with a guide on how it should be played
- An awareness raising quiz to test comprehension and retention of key information (e.g., how to create good passwords)
Why security awareness matters
People have become cyber-attackers’ primary attack vector, which means that programs for raising cyber awareness are crucial for an organization’s cybersecurity strategy. The goal of these programs is to promote good cybersecurity practices of employees, managers and executives and improve their cybersecurity behavior.
A lot of advice can be found online on how to upgrade your security awareness efforts and engage your employees with better cybersecurity training, but sometimes organizations don’t know where to start.
AR-in-a-BOX can help them wrap their head around the task and push them towards realization.
“AR-in-a-Box is offered by ENISA to public bodies, operators of essential services, large private companies as well as small and medium ones (SMEs). [It] is dynamic and will be regularly updated and enriched,” the agency noted.
ENISA has previously published helpful materials for cybersecurity awareness campaigns aimed at electricity operators and the healthcare sector.