There is a tried-and-true principle that helps guide a successful cybersecurity awareness program – until something matters to someone personally, they will never change. This speaks to an important part of all security awareness efforts – answering the question: why should they care. That’s why there is an ongoing need to keep your cybersecurity awareness program RELEVANT to the individuals in your organization.
Part 2 of this series: Keeping Security Awareness Relevant.
Practical Ways to Keep Your Program Relevant:
- Make it personal. Tie all security awareness communiques to their personal application for the individuals in your organization.
- Give people what they need to be successful. Don’t just tell them scary stories or things not to do. Provide practical, actionable guidance on what they can do in the face of ever-changing security threats.
- Use current events – without driving fear. The news (industry-specific, regional, national, and international) is full of current events that can help drive awareness of the need for good security hygiene. The challenge is not to “scare people straight” with the information, but rather relate it to why security best practices should be on people’s mind as they do their job and live their lives.
- Audience you message. Not everything matters to everyone the same way. Along these lines, consider who should send the message. Not everyone listens to the same people the same way.
- Get testimonials and stories from your organization. This brings the message of security awareness closer to home and closer to front of mind.
- Use specific stories that are relevant to organizations and their personnel. While some generic security guidance is helpful, tailoring the messages and information to organizations and their personnel gets their attention more quickly.
- Empower your people to respond. Remind them that EVERYONE is part of the organization’s security effort. Remind them regularly who to call, who to email, and what to do in the event of an incident or a security-related question.
- Deal with resistance. Invariably, there will be pushback on participation in a cybersecurity awareness program. This is most noticeable when you are asking people to DO something (like attend an event or consume learning content). Keep in mind that resistance is not bad. It is an indication of something. Listen to them and ask why.
- FINALLY, the pièce de ré·sis·tance. Give them practical tips and useful information to help them in their personal lives. Give them advice for their home, travel, family, and finances. Give them best practices for protecting their identity and the things that matter in their lives. This will win the hearts of your people and not just the minds.
Next will be the final in the 3-Part series – Part 3: Keeping Security Awareness Sustainable.
Reminder: If you need help getting your security awareness efforts off the ground or achieving all three goals with your cybersecurity awareness program mentioned in this series, we’re here to help.
Kenny Leckie
Alterity | Senior Technology & Change Management Consultant
In his role as Senior Technology and Change Management Consultant, Kenny provides thought leadership and consulting to the community in areas of information security/cybersecurity awareness, change management, user adoption, adult learning, employee engagement, professional development, and business strategy. He also works with clients to develop and deploy customized programs with an emphasis on user adoption and increased return on investment. Kenny is a Prosci
Certified Change Practitioner, a Certified Technical Trainer and has earned the trust of organizations across the US, Canada, The UK, Europe and Australia.
Kenny has more than thirty years of combined experience as a Chief Information Officer, Manager of Support & Training, and now a consultant, providing him a unique point of view and understanding of the challenges of introducing change in organizations. He combines his years of experience with a strategic approach to help clients implement programs that allows focus on the business while minimizing risk to confidential, protected, and sensitive information. Kenny is an author and speaker and a winner of ILTA’s 2018 Innovative Consultant of the Year.