Security Awareness Programs are a valuable part of every company’s security strategy. Security Awareness Programs are also abysmal failures and a waste of resources.
To see how to make your security awareness program FAIL! watch this short video.
But how do you make one succeed? My Top 5 tips are:
1. Make it entertaining. You are competing with Angry Birds, YouTube and social media and your security awareness program has to be compelling enough to get folks to pay attention. Humor is good. Boring is bad.
2. Use Headline Marketing. Unless you grab their attention, they will never see the meat of your message.
3. Multimedia is King. People will not read long texts; they have no time or are culturally unable to digest too much information. Keep it short and sweet, using dynamic graphics and video productions. They work.
4. Do it over. And over. Security awareness is an ongoing effort that is never ‘done’. Why is phishing still so successful? Because not everyone gets the memo. Think Coke. They spend billions on marketing to keep their name out there. You can spend a few thousand and achieve the same thing.
5. Make your program personal. Most people don’t care about company policy. They want to do their job and get paid. Teach them about security as it relates to their family and friends. Teach the risks and “Do Not…” messages. They will pay attention to this, and then relate the personal security messages to company security. It works.