One of the things I like to do is keep my eyes open and learn from other awareness campaigns. In security we can often forget that we are not the only ones facing the challenge of educating others. From the CDC and their zombie apocalypse to the pink ribbons of National Breast Cancer month, there is a tremendous amount of great work we can learn. Obviously there is much more to awareness than simple promotions like this, but the first step to any campaign is engaging people, getting their attention and getting them to listen. While walking the streets of Chicago last week at SANS Chicago I ran into these, mannequins setup downtown on Wacker drive. It immediately got my attention. When you walk up close to them, they had on their shirt "One of 32 pedestrians killed last year in Chicago". This, I learned, is part of Chicago's campaign to make walking the city safer (which I think is great!). Perhaps we could learn from this and setup laptops around the organization, put crime scene tape around them, and say "One of 32 computers hacked this month"! What other great awareness campaigns got your attention?
PS: I got a chance to chat with some CDC folks last week at the ISSA CISO Forum. Turns out that their Zombie campaign actually started as a simple blog post. The blog's popularity caught the CDC totally off guard, it crashed their infrastructure within hours of being published. Imagine if we could engage people like that with awareness training!