There are several things in Banker Tools that could be used.
1. Post one or two of our information security awareness signs in our training room. The one on "Passwords are like toothbrushes . . ." always gets a laugh.
Awareness signs. 2. Use the Information Security section of the SKIPO Training Game.
SKIPO 3. Utilize the Employee Guide to Information Security posted by Jesse Torres.
Employee Guide 4. Recruit a couple of "hams" in advance from among your staff and have them act out some skits that illustrate how information security can be compromised. Here are some possibilities:
-- Do a skit where one person plays a bank employee and another is a pretext caller, pretending to be one of your bank's customers. Have the pretext caller use various ruses to try to get around your identity confirmation procedures.
-- Set up a table or desk up front with a computer monitor and some files and two chairs. With one person pretending to be a bank employee and the other a "customer," have the employee leave the room and the "customer" then rifle through the paper on the desk and the computer to try to quickly obtain some confidential information.
You can also have employees make up passwords that aren't the ones they ACTUALLY use, but are ones they might use. Then, with an LCD projector and an Internet connection, take the list of passwords they've created and run them through this password strength meter to graphically illustrate whether they are strong or weak.
Password strength test. Play "Guess the Password." Have each employee pick one other employee and make a list of words, numbers, etc. that they believe that individual might have used as a password, or part of a password. Kids' names, pets' names, street addresses, car types, favorite foods, singers, artists, vanity license plates -- whatever they know about the other person's life and interests -- in order to show how a determined hacker can do a little research and successfully compromise a password if it's not secure enough (in terms of its composition).