Let me count the ways…
I am 10000% confident, beyond any doubt, that security awareness can be an epic fail. Yet, if we can exploit to the devices we already have at our disposal, security awareness is a boon for any company’s security efforts.
But let’s get back to how many FAIL at security awareness.
Fail #1: “When you communicate to your audience, make sure every single word is perfectly formed English (or language of choice.) Do not – EVER – use idioms, slang or conversational language. It is completely unprofessional for any company to speak casually to its staff. Formality should be the paramount rule.”
Well, folks, I can’t tell you how often we have heard this over the years. And I don’t get it. Our editors don’t get it. Our reader’s don’t get it. And no one likes it.
IMHO, communication is about getting a point (or many points) across to a person, any person, so that they understand. With security awareness, it’s even more important because of the technical nature of the medium in which we live. Which is why using formal English without idioms or slang or conversational language can make these topics that much harder to understand, and why many employees just stop paying attention.
So, bear with me… but here’s how we like to communicate:
- Easy to read. Do not tax the busy worker.
- Clearly explain acronyms and technical terms.
- Make metaphors to their personal lives.
- Use metaphors to our physical surroundings.
- Provide simple 1, 2, 3 Action Items.
On the other hand, if you want to fail, please return to the top of this post and follow the (terrible) advice in the italics.