The Dos and Don’ts of Hacktober on Campus
Since Hacktober was created by Facebook in 2011, many companies have integrated Hacktober campaigns into the workplace to help educate employees on the importance of cybersecurity and how to recognize a cyber attack. With a trove of financial and customer data contained on their networks, businesses have a lot to protect. But so do universities and their students. Last year, Utah Valley University implemented its own Hacktober campaign to make students and staff aware of cyber threats and how their networks and data may be vulnerable. During the month, we held a lockpicking competition, a Capture the Flag event, a cyber checkup held by the Cybersecurity Club and a panel discussion by local cyber experts. After our second campaign this year, a few people have asked me how to run a successful Hacktober campaign on campus. As a result, I’ve come up with some tips on how universities can do their own Hacktober.
Get a head start. With most schools starting in August or September, the early part of the fall semester is not the ideal time to begin planning for Hacktober. So start planning early – ideally in the spring or early summer – with an initial discussion that sets dates and determines what kind of activities you will hold. This will also give you time to reach out to anyone you’d like to get involved. Starting early will help get your plans solidified long before October and also allow for any changes that may be needed later on.
Explain why you’re there. During our events, we are sure to point out that Hacktober is done in concert with National Cybersecurity Awareness Month (NCSAM). We make sure our students understand that Hacktober is not a small university effort but is done nationwide at other organizations. We emphasize that Hacktober is the university’s contribution to NCSAM and is done to help to spread awareness about cybersecurity. When we put it in those terms, we find that students become more interested in participating and in learning about how to keep themselves safe online.
Involve as much of the campus as possible. Getting students to participate in Hacktober is obviously the key to its success, but it also helps to get support from faculty and staff. We had the cybersecurity department play an essential role, as well as brought in members of the university’s Office of Information Technology, who educated the students on the proactive measures the university is taking to prevent a cyber breach on campus and why the students need to protect their information. We have also had support from the highest levels – last year, UVU’s president sent an email to the student body making them aware of Hacktober and why they should participate. An email from the university president always seems to resonate with students, and staff participation drives home the point that cybersecurity should be a priority for everyone.
You can even search off campus. I was able to mine my professional network and industry groups and bring in some folks to help out at some of the events. This can be beneficial to them too, as they look to recruit future cybersecurity professionals.
Find the right location(s). We publicized Hacktober in the weeks leading up to the month – through both traditional signage and social media/email – but to get more students involved, it also helps to hold the events in a room or hall that is well trafficked, which can draw in students who may not have been aware of the scheduled activities. Again, this emphasizes the importance of planning ahead. Our most well attended events were those that were in the student center, which includes the bookstore, food court and computer lab, and which we scheduled for use well in advance. An event that took place in a less busy area drew far fewer students.
Make it personal, inviting and accessible. Students are less concerned about the safety of their university data – such as their class schedules and grades – than they are about their personal data. When they understand what information can be accessed via their off-campus accounts – such as financial and other personal data – they become motivated to learn how to better protect it and also understand why their universities accounts should be protected. One Hacktober day, we set up a Cyber Checkup station in a busy hallway, where students could bring in their devices, enabling us to walk students through the simple processes of protecting their networks, accounts, phones, tablets and laptops. By making the security checkups personal, and doing so in a hands-on approach, we avoiding students merely stopping by and observing rather than actually doing anything about their online security. This approach also takes away a lot of the mystique around cybersecurity, which many people wrongly believe is “too hard,” as well as encouraged synergy among other students who passed by, wondering what all the fuss was about.
I highly recommend these kinds of interactive activities. Our lockpicking event is especially popular and helps to turn an abstract idea – cybersecurity – into something more visual. As students (and sometimes even staff) work to manipulate the locks we are able to illustrate, for example, how flaws in locks are the same as flaws in a computer.
Include giveaways. Students love freebies. Partner with a local cyber business or other company on providing web cam covers, notepads or charging cable and you’re sure to bring in bigger crowds.
Don’t be scary. Even though October is Halloween season, it’s important not to give off an attitude that we’re all doomed to be attacked by hackers. Don’t focus on the negative – talk about the things that can be done to protect online accounts, as opposed to “this will happen if you don’t.”
Don’t be too wrapped up in technical jargon. Focus on speaking language the students will understand. They won’t be concerned about the technical details, they just want to know the simple things they can do to stay safe online.
Don’t be afraid to try the things that work over again. Our lockpicking event was hugely popular. This year we did it twice, and the second event drew a bigger crowd who had seen it done the first time.
Don’t underestimate the power of students talking to students. Our Cybersecurity Club was essential to getting students onboard with Hacktober and educating them on how to better protect themselves online. They were much more effective than a teacher lecturing from the front of the class. Peer-to-peer interaction goes a long way.
While preparing for Hacktober might seem overwhelming, if you have the right team in place and plan well in advance, you can execute it fairly painlessly. By the time your second Hacktober rolls around, it will be as easy as updating your password.
Robert Jorgensen is an Assistant Professor and the Program Director for Cybersecurity at Utah Valley University