LIBERTY LAKE, Wash. – Changing a password every month like you’re supposed to doesn’t do much good if you write it on a post-it note and stick it on your monitor. That and other points well made were among the lessons that Nicole Tutt, network security administrator, tried to bring home to her 285 or so colleagues at Spokane Teachers Credit Union during the $658 million CU’s in-house Network Security Awareness Week held May 17-21. They were also points well taken, Tutt says. “We were really pleased with the reaction we got,” she says. “For instance, we sent out daily e-mails and from the questions that were asked from those, we could tell that people not only read them, but were responding. That’s exactly what we were going for.” A centerpiece of the week-long effort was a 12-minute video produced in-house that shows the pitfalls and importance of password protection and other basics of network security. The video was written by Tutt and shot and produced by her colleague, network administrator Dan Fischer, who does video work on the side. It starred CU staffers, including one who Tutt says blithely “does something interesting on her computer, and then we show the whole scenario of how it affects the entire credit union, all the way to people waiting in the teller lines and getting frustrated while that employee is shown working out at the gym.” All in good fun, of course, but the message is clear: Computer security is an essential part of protecting the heart of the enterprise: member service and members’ personal financial information. And it can begin and end at home, too. “We stressed that the things they’re learning at work apply to their home PCs, too,” Tutt says. “It’s all part of a general awareness of computer security.” The video – viewable online at staffers’ desks – debuted at a credit union-wide staff meeting which also featured Tutt and some of her co-workers marching in wearing black T-shirts with “network security on them in big letters,” she says. “We also sent out daily e-mails that included contests with prizes, such as digital cameras.” The daily messages were on such topics as password protection, spyware and how to handle suspect e-mails, and the contests included such creative ideas as showing a computer screen with some obvious security issues going on and asking the respondent to identify how many problems he or she saw in the picture. The team also distributed mouse pads with such reminders as “a password is like a toothbrush. You shouldn’t share it and it should be changed frequently.” Or, “Treat all files as guilty until proven innocent.” “The marketing department made it look really nice with a digital image of a lock and our credit union logo,” Tutt says. “And the whole effort was also fun to do because people often think of us in network security as the fun-busters, and we wanted to let everyone know how important security is in a way that wouldn’t turn them off,” she says. The week-long effort, which she says will be repeated next year, also gave Tutt a chance to share with the rest of the credit union how multi-layered security really is, and how much of a team effort. “Just as we can’t rely on a single safeguard, so we use anti-virus software, firewalls, outside intrusion testing and so on . well, it’s the same thing with the credit union itself,” Tutt says. “You have a branch where you lock the doors and limit the hours, and there’s a vault for the high-value stuff and limited access to who can go behind a teller line . well, it’s the same idea with computer security,” the CU network security administrator says. “It’s a team effort that works a lot of levels. We’ve been very fortunate not to have had problems with worms and viruses and intrusions in our internal systems, and together we can help keep it that way,” she says. -