Many security awareness programs fail to deliver upon their promises. Security teams often complain about a lack of resources, of management commitment, of time that prevents us from delivering the right security awareness program. That may well be the case, but there is still a lot we can do, without spending money, that can make a real difference in our impact.
Change the fundamentals
It’s often the little things that make a big difference. When it comes to security awareness, just tweaking key elements of your program with simple hacks can make an immediate and lasting difference.
Adapt to your target audience
To enhance your security program, you need to understand what your audience segments are and tailor the message appropriately. This means moving away from a one size fits all approach.
You can start with asking yourself some simple questions like, “What does my audience care about?” or “How can you best communicate the value to them?”. Here you can access a free Audience Segmentation Template to get yourself started!
Get the basics right
Take travel security as an example. Leaving training aspects aside, a large part of any travel risk awareness program is built upon pre-travel briefs, security updates, intranet sites and travel security portals. When you address these channels with more time and focus on the foundation elements, you can make a much more meaningful impact.
Here are three simple hacks that are free and immediately accessible:
1. Cut out anything that isn’t absolutely relevant in your pre-travel briefs
First, identify what is relevant. This is the hardest step, and the most crucial one
Next, resist the temptation to add every possible bit of information. No-one wants to dig deep to find the content they are after. People want you to curate the information for them
Aim for a crisp couple of essential pages rather than a 30-page all-inclusive travel brief. Adding a few visual summaries and icons will make the whole thing much more reader friendly. This means it is much more likely to actually be read
You can always guide your audience towards more detailed content from there onwards, but even then, it’s best to fight the urge to keep adding more
2. Simplify the written language
As an expert, you are ‘cursed with knowledge’ and have likely developed a very specific lingo. Not everyone knows what you know, so non-experts may not understand you if you don’t adapt to them
Keep in mind that many people you communicate with will not be native speakers. Keeping vocabulary and syntax simple will help you come across clearly
You can use free or affordable online tools like the Hemingway App (http://www.hemingwayapp.com/ for free) or readable.com (U$4/month) to check the reading level of your written content
Rope in specialists if you can – your internal communication team can help ensure your communication is on brand and fits the target reader. Hiring a copywriter can also help clarify your messages for non-expert audiences
3. Add value with interesting content
Your communication is a transaction – people give you their attention and expect something in return. Make sure you give them something truly worth their time
Kick off with the big picture, then go into specifics – people will follow you farther with some context upfront
Start with something that people want to read about, even if it’s not directly related to security – sneak in your security messages within that context, you have their attention now
With simple language and sharp focus, valuable information will resonate with a wider range of people
Now it’s your turn
These hacks are free. You can also listen to this webinar recording to hear more tips on simplifying your language. If you apply them well, they will have an immediate and significant impact.
You already have what you need. Be brave and try something new!