This is great. A whole MONTH. Lordy. And this is the tenth year – impressive.
So – what can you do to get security onto everyone’s radar. Well – here are a few tips for the best way to inform employees about their responsibilities with respect to sensitive information.
Think like a marketer.
In a previous blog post I talk about how information security people need to behave more like their friends in the patterned shirts and designer glasses. Never forget that this is a SELL. You need their attention, they should get something in return. No amount of compliance training will make them learn new habits, but teasing them with goodies just might.
Make a trade
Information Security Departments use all sorts to bribe their users into habit forming. iPad mini’s, vouchers to redeem on holiday, coffee and doughnuts – all useful contraband. BUT – most of these are simply prizes. If you can offer something that also reinforces the message of security then that’s just the gift that keeps on giving. Entertainment-based awareness can both offer a reward AND deliver the right messages if done properly. And it lasts longer, doesn’t stain the carpet, and it might just move the needle.
Keep it Real
Most importantly, when you are communicating with staff, be sincere. Internal communications can have a rather anodyne tone to it, and the best case is that these are the emails that get deleted. The worst case is that they hate you for being patronizing. This means writing in a way that is human,friendly and local. Write like you are having a conversation, and if you’re really lucky it might just turn into one.
The old sales acronym holds some swell here.
A – Attention (Did I even notice you, or did I hit delete)
I – Interest (Are you interested? What in? Policy – or fun / freebies.?)
D – Desire/Decision. (Your freebie / entertainment worked. I desire more please.)
A – Action. (I realize you need me to do something. Go on then. You seem nice.)
Alec Baldwin said it best in a classic movie favourite of mine, GlenGarry GlenRoss. Possibly not safe for work, just so’s you know. Fruity language and all, but cracking drama. My little gift to you for reading.
If you are a security person who works for a charity, stay tuned.
We're celebrating Cyber Security Awareness Month with an award and a prize just for you.