Security can be a sticky subject to engage people with, and the chances are even some of your most tech-savvy developers think it gets in the way of a smooth user experience. But you and I know that in 2019, when brand loyalty is increasingly hard to come by, the best user experience is a secure one. Thing is, you need the support of your entire organisation to truly deliver this. So, here are five ways to make your security awareness campaigns sticky for the right reasons, i.e. totally awesome and unforgettable. Hopefully, it’s already sounding simpler than you might have thought…
One fundamental before we stuck in: make friends with your comms function. First, get their buy-in for what you want (and need) to say, and providing you win them over with a little charm, this will give you a good understanding of what you’ve got to play with. They’ll know what else is going on that could compliment or support your message, help you tailor tone of voice to different audiences, and they ’ll have a direct line to the top to get some all important endorsement from senior management.
Gradually, more technology is being developed to be secure by design, but even though we’re more familiar with seeing security measures form part of our daily routine, it’s easy to dismiss it as too techie to take responsibility for. Convinced we have no time or mental capacity to take anything else on, we turn a blind eye the moment someone utters the word and feel convinced someone else will take care of it for us. Surprise your audience with how simple security can be by using clear, concise messages and avoiding jargon at all costs.
Use fun and humour in line with your company’s brand personality to bring particularly dry topics to life, and look out for opportunities to make your message more memorable without trying too hard to be a comedian
Develop messaging for both online (get creative with video, animation, leveraging corporate social networks) and offline channels (face to face conversations can be particularly powerful, create dialogue that involves people and helps them to retain information, and help increase visibility/approachability of your security function). Consider how different roles and functions might require different channels to reach them, and how your audience prefer to receive and consume information.
It might be tempting to splash serious headlines across your emails, posters and blog articles – after all there’s no shortage of them – but this approach tends to alienate the audience you need to resonate most with. Provide practical tips and explain the positive benefits of applying them to both their work and personal lives. Use serious references where it helps to emphasise the point e.g. you wouldn’t hand your toddlers the remote after 9pm, so don’t give them free reign to watch YouTube unsupervised – but do so in moderation.
Consider making some changes to your environment to support the desired behaviour changes. Old habits stick around as long as things look the same, so don’t expect people to change the way they do things without some new cues to help embed a more secure culture. Could a desk move, a lick of paint or a change to the usual schedule help forge new habits? Try it! Plenty of neuroscientific research proves this can really work.
These are just five ways to make sure your messages stay relevant and resonate with your audience, and they actually apply to any scenario where you want to influence others through communication. Before you roll out your shiny security awareness programme to the masses, get some more allies on board with your mission for a more secure company culture and involve them in some focus group feedback sessions. Then iterate and launch! Just remember that communication efforts must be sustained to have any effect – don’t call upon your creative juices only to let it go stale after one hit.