Cyber Security Awareness Month 2022

This internally focused campaign was planned weeks in advance with a collaboration between the Cyber Security and Communications team. We decided on the overarching themes and key messages - in line with the approach suggested by the organizers of CSAM22. I was then responsible for turning this into an actionable plan and writing the collateral to execute each stage - checking in with the appropriate subject matter expert on the CS team. You can read the full article below.

Our internal channels were limited to intranet news items - which could include text, images and video - and a specific channel set up in MS Teams. Email was excluded because audience research had shown that most employees preferred email for 'must know now' or 'immediate action required' information, rather than strategic campaigns like this.

Our somewhat dramatic start the campaign - approved all the way up to the CFO - was deliberately contentious and caused the stir and interest we were hoping for. Not only was it read by over 80% of the organization (using Google Analytics on our Sharepoint intranet site), employees were invited to discuss their reactions on the dedicated Teams channel set up for this campaign. And they did! Within 24 hours, there were an unprecedented 150 comments with over triple that in reactions. This conversation was monitored by the CS and Comms teams, with the latter providing assistance and guidance so that the SMEs could actually be on the ground replying.

A highly successful campaign which raised awareness and engagement across the business about one of the most important issues facing nuclear (and other) companies.

purple and pink light illustration
purple and pink light illustration

FULL ARTICLE

Your chance to win £5,000

Just click on the link at the bottom of this article and enter your NNL user name and password. You'll be automatically entered into the draw to win £5000!

Click here to enter the draw.

Did you click thinking about the possibility of £5000? Do you have your NNL user name and password ready to go? Or were your suspicions raised that this was perhaps too good to be true?

I'm afraid that unless you were in the latter category, you're likely to be disappointed! There is no £5000. We were just looking for an attention-grabbing way to talk to you about Cyber Security month (October).

Did you know that NNL is subject to [redacted] cyber attacks every single day? That adds up to [redacted] a year! Pretty relentless.

And phishing - like the promise of £5000 - is just one of the ways in which we're attacked. The Cyber Security team and the various systems we have in place are on constant alert and many of the attacks are dealt with automatically. But just like safety in the business, it's quite often us - employees - who are the potential weak link in the chain.

Phishing attacks appeal to our emotions - in this case, financial interest! But it could be our sense of urgency (click this now or miss out) or fear (there's a problem which will get worse unless you click this link now) or even our ego (click this link and you'll get VIP status).

This is just one of the reasons why every single one of us has to complete our basic security and cyber security awareness training before we can even be given our NNL pass when we start working here. But it's not one and done when it comes to cyber security. Threats evolve and change. It only takes one success to potentially cause havoc. We're using this awareness month to introduce you to some of the key issues but we will be continuing with information and support on a regular basis.

Whether you clicked through to this article ready to type in your password or with one eye already on the 'report phishing' button, why not share your thoughts on the Cyber Security Awareness Month Teams channel we've set up?

We'll be publishing more articles during the course of the month talking more about phishing, cyber security at work and at home. The next article will be a video interview with our Chief Information and Security Officer, [redacted], where he'll be talking about some of the issues we face in the business and what we can all do to address them.

If you have any questions or comments, please let us know by commenting on the Teams Channel or you can email us on [redacted].

[Name]
Head of Cyber Security