Facebook Promotes Cyber-Security Awareness Among Employees With ‘Hacktober’

By David Cohen

Facebook decided that the best way to protect itself and its employees from hackers was to hack its own employees, and it did just that in October, holding its second annual “Hacktober.”

Mashable reported on the month-long event, in which the social network staged simulated security threats against its employees’ computers. Employees who reported threats or phishing scams were rewarded with prizes including Facebook shirts, bandanas, and stickers, while those who failed to report the events were “punished” with further training.

According to Mashable, Facebook’s engineering team customized threats based on the types of incidents employees might face in doing their everyday jobs, and postmortems were held on each hack to explain how it occurred and determine how to prevent similar actions.

Security Director Ryan McGeehan told Mashable:

Webinars don’t exactly fit in well here, so we wanted to do something unique in line with our hacking culture to teach employees about cyber-security. We took the theme of October, fear, and pranks, and created something that is both fun and educational.

We launched a worm to simulate some of the spam campaigns we see on Facebook and other sites, and this was our grand finale. Within minutes, we were overwhelmed with reports from employees, and it was a wild success.

People don’t always lock their doors until they have been robbed. It’s easy for cyber security awareness month to go by like a trip to the dentist, so we wanted to do something with an impact and not have the security team talk down with tips to the rest of the staff.

And Jenn Lesser, an operations manager on Facebook’s security team who worked on Hacktober, added:

The biggest challenge we face with security awareness is that employees in general don’t care about it until there is an issue, and at that point, it’s too late. Hacktober gives people a real-world-like event and encourages people to respond. If you give them a quick quiz about security, you won’t get the type of engagement we do on an ongoing basis. People are still posting to an internal group about how to respond to issues.

Readers: Do you think more companies should turn to stunts like Hacktober in order to improve their employees’ awareness of cyber-security issues?

Hacktober T-shirt image courtesy of Mashable.