LEA Working Group Insights on Awareness-Raising
Awareness-raising campaign in school within the frame of PLV’s “Help and Protect”
The CC-DRIVER Law Enforcement Agency Working Group, which aims for an exchange of experiences and best practices with a specific focus on cybercrime among EU Law Enforcement Agencies, has concluded its third gathering. In this virtual meeting, organised on Friday 11th June 2021 by Valencia Local Police, seven LEAs from five countries (Finland, Germany, Greece, Slovenia and Spain) discussed best practices and lessons learned on awareness-raising campaigns conducted by LEAs.
Awareness-raising campaigns seek to bring about change in individual behaviour in line with social norms and attitudes. LEAs have a crucial role in preventing cybercrime by means of awareness-raising, and as agreed in the meeting, social media constitute a magnificent way of putting LEAs in close touch with citizens, especially young people. The main points of discussion are further discussed in the relevant paragraphs below.
The European Union Agency for Cybersecurity (ENISA) published last April the European Cyber Security Month (ECSM) 2020 Deployment Report. It shows a threefold increase in engagement in 2020 compared to 2019. There are several best practices pointed out in the Working Group in order to achieve this increase. On the one hand, the coordinated, simultaneous actions by means of a joint effort in the same topics (cyber scams and digital skills) and hashtags (primarily #ThinkB4UClick) seem to have helped in achieving these good results. On the other, the great availability of material (easily downloadable and printable, translated into the participating members’ 24 languages) as well as the use of different mass media has also played a crucial role.
The Spanish National Police Twitter account @Policia is the most followed LEA profile globally (3.5M followers). It has enhanced its public service and has contributed to building trusted relationships with citizens thanks to a dynamic two-way communication. This case contrasts with a usual challenge pointed out in the Working Group: LEA Community Managers (CMs) might lack expertise in the field, as the best CMs are usually in the private sector, which offers higher earnings. There is further space for improvement in cybersecurity awareness-raising campaigns conducted by LEAs, because those cybersecurity experts that are in public service usually conduct investigations rather than doing awareness-raising or prevention campaigns.
On another note, the EU funded H2020 project Medi@4sec was mentioned, finished in 2018, which focused upon the use of social media for public security purposes, and among its outcomes, it compiled a worldwide mapping of LEA best practices on social media, publicly available on its website.
Several victim-oriented campaigns were discussed in the meeting, among which the EUROPOL campaign “Say No!” was highlighted. Its aim is to raise awareness on online sexual coercion and extortion affecting minors. Most of the victim-oriented campaigns done by the participating LEAs focused on the protection of young people against cybercrime and businesses against ransomware. Advertising risk reduction and an increase in rewards for the victim are considered good practices.
Concerning LEA offender-oriented campaigns, the LEA Working Group discussed several examples and best practices. Again, a EUROPOL awareness-raising campaign (Cybercrime vs Cybersecurity: what will you choose?) was brought up as an example of a well thought-out campaign. The Finnish Police also mentioned a multi-actor intervention program that is being done on young cybercriminals who already committed cybercrime, or that might potentially commit such crimes in the future due to their interests and expertise. Some other offender-oriented campaign best practices discussed in the Working Group include: advertise increased risks and reduce rewards, focus on specific crimes and geographical areas and present a realistic, viable alternative to the offender.
Regarding information management in social media, in scenarios where social order and public security is compromised, such as terrorist attacks, Twitter has been proven to be an effective way to counter rumors. In these scenarios, LEAs Twitter profiles should become a fast, reliable source of information. Munich Police and Mossos d'Esquadra are good examples of best practices on information management during and after a terrorist attack. Besides providing fast, updated information, developing a communication checklist beforehand for these kinds of incidents is a best practice that has already proved its value.
On a final note, cybersecurity was said to be a shared responsibility between public and private agents, and the LEAs in the Working Group made clear that an exchange of information must be fostered. It is a fact that the private sector underreports cyberattacks and/or might delete evidence, and this poses a serious challenge to LEAs when fighting cybercrime. Therefore, better cooperation channels and stronger public-private partnerships will enhance LEAs response to this issue of growing importance.
Download this blogpost in Spanish: