Many companies make timid, awkward and ineffective attempts at teaching their staff about company security policies. This occurs because most corporate security policies are boring, unintelligible tomes.

Gif showing someone being super bored

I’m dying of boredom.

Ergo: No one pays attention to them.

We spend a lot of time helping companies get their security message across to their employees. But are there any employees at any company who care one iota that their “policy is designed to take maximum advantage of our internal IT skills, protect our operating environment and prosecute offenders to the maximum extent of the law?”

What does that even mean?!

John Stewart looking very confused about something.

What does that even mean?!

Instead, we’ve found that employees care and will listen if you educate them about protecting themselves from cyber criminals, their kids from predators and their families from fraud.

Spock nodding and saying

Yes, Captain, that sounds logical to me.

It’s not that corporate users are stupid, lazy slugs who don’t give a rat’s patootie about security policy; it’s that the corporations are putting themselves and their financial interests first (“If we get hacked, we’ll lose money”) and their employees’ second (“There are 100,000 phishing websites out there. Here is how to best protect your family.”).

It’s that the typical, straitjacketed approach to security education is dull and uninspired at best.

Jeff Winger and cast of Community wearing straight-jackets.

Don’t drive your users crazy with boredom and mind-numbing materials!

Give your users a chance. Teach them on their terms for once, not yours. Take a lesson from TV and films, and entertain. A lot of people learn about politics from “The West Wing”, “Scandal” and even “Parks and Recreation.” Half the people in the country are now legal and forensics experts because of the “Law & Order” and “CSI” franchises. How can you use the same techniques to teach security concepts? People are open to ideas presented to them through entertainment, and they are especially interested if it directly affects them.

Russell Crowe in Gladiator shouting at crowd.

Are you not entertained?!

Make security personal. If your staff learns the ins and outs of making their home computers secure and how to protect themselves from the ravages of the Internet, exploiting that knowledge for the benefit of your company’s security is much easier and more effective.

Michelle, from Full House, saying

Make security personal, and the lessons will stick….. duh!

Now go forth, and create an awesome awareness program!

Ben Stiller saying

Go be awesome…. do it!

Need more inspiration? Check out our satirical video: How to Make Your Security Awareness Program Fail!

Ashley Schwartau

Director of Production & Creative Development at SAC
After more than 15 years of working in this industry, she’s finally accepted – and embraced! – the fact that she’s a security awareness expert. She is also a book-loving, travel-blogging, French-speaking Gryffindor who is unapologetically obsessed with her cats.