Wednesday, 10 August 2016

Smooth Sailing in the Dragon’s Den

On a beautiful morning on the Thames, aboard the HQS Wellington, our very own Jim Shields participated in an ISSA-sponsored, Dragon’s Den-style program to tout the benefits of Twist & Shout, “Restricted Intelligence,” and the challenges of information security training, without hearing the words everyone entering the Dragon’s Den fears most: “I’m out.”

It’s an event organized every year by the ISSA. Speakers are given 10 minutes to sell the judges on a big idea, with keynote speakers included throughout the day.

Jim felt confident. Armed with a solid presentation (including key video pieces), Jim felt assured of a positive outcome, even in the face of the challenges one would expect when presenting on a big boat (sea sickness, capsizing, being swallowed by a whale, etc.).

Hushed with anticipation, Jim started with the sad facts surrounding information security training. In spite of increased malware and cyber attacks, traditional training methods aren’t working. Management wants visceral responses to know their employees are engaged. In order for this to work, you need to get everyone’s attention and you need relevance and appeal.

Unfortunately, when it comes to infosec, what’s relevant is not all that appealing. Further, awareness is not the same as engagement. For example, we know speeding is a crime. However, when we’re late for a meeting and there’s no one around…

We could sense from Jim’s recording everyone in the room was on the edge of their seats, literally dying to know what the solution could be.

Jim replied with a key question: So how do we get their attention? Which led to another key question: What else gets their attention? Meaning, what are people passionate about?

For one, people are passionate about things like “Breaking Bad.” Call lines were set up to help people cope with the end of this groundbreaking show. Listening to the audio, we could tell the audience was nodding, maybe even weeping. “Breaking Bad” was amazing.

Then, Jim said, “Everything I know about thermonuclear dynamics, I learned from ‘The Big Bang Theory.’”

You learn when you’re laughing because the information becomes memorable.

And bigger than these shows is the marketing surrounding them.

The solution for informing employees and getting them engaged with compliance is to create a show like “Breaking Bad” or “Big Bang Theory.” To create characters and situations viewers can relate to. To provide materials both management and employees can use to keep the conversation going long after the credits roll. And to have a few laughs.

To keep the show, now in its fourth season, relevant, “Restricted Intelligence” addresses possible threats like third-party suppliers, over-sharing on social media, physical access, phishing, whaling, ransomware, and public Wi-Fi.

The results? 25 episodes over four seasons, 150 campaigns, 35 languages, 4 million employees engaged, a major international award, and a new series, “Tuesdays with Bernie,” a light-hearted look at compliance issues surrounding bribery and corruption.

Why does it work? It’s a formula that makes information security issues relevant to employees. There are always personal consequences at the end of each episode. Protecting Generic Corporate Data can be very abstract for employees, who are left asking “What does that actually mean?” “Why do I care?” Whereas if you make the issues and the consequences personal, they’re more likely to change their behavior.

This creates a fan base of engaged employees who know the show, know the characters. Which in turn trains employees to behave like, say, the Mentalist. They notice more, they’re more aware. They become a network of sensors, reporting little things that they spot and behaviors they see. Ultimately, it’s very hard to be a “bad actor” (excuse the pun) in the middle of this culture. It’s very hard to get away with anything when you’re surrounded with concerned, engaged employees.

Needless to say, after we accidentally turned up the volume on our speakers, the audience erupted into a frenzy of accolades and applause. It was deafening. Did Jim win the Dragon’s Den? Unfortunately, the recording ended before we could find out. But we didn’t care.

We were engaged.
