This post comes to you from our Creative Director, Ashley Schwartau.
During the first week of my freshman year in college, Citibank set up a table outside of the cafeteria with peppy marketing folks cajoling students to sign up for a credit card. “Sign up today and get a free t-shirt!”
I didn’t even stop to think. They had me at “free” and I was signing up before they’d finished saying “t-shirt.”
I took my bright yellow Citibank t-shirt, had lunch with my friends and promptly forgot about the credit card I had signed up for. Throughout the course of the year, there were plenty of other free t-shirt moments and I took all of them.
You know that classic question, “What would you do for a Klondike bar?” Nothing, because I don’t eat dairy. But a free t-shirt? I’d probably sign a deal with the Devil himself.
In fact, just recently at a big festival downtown with hundreds of vendor booths and tons of free swag, I filled out an entire survey just to get a pair of sunglasses. (This time I gave completely false information. I don’t want people calling me.) And I’ve worn those sunglasses nearly every day the last few weeks.
I tell you these anecdotes for an educational reason: bribery works.
I’ll be honest here: I have never worked for a company that requires any sort of CBT training, security awareness related or not. But I’ve heard stories of the worst and, as an elearning developer, always try to think, “What would I *not* want to see if I had to take this training?” Put yourself in your users’ shoes. What would you want to see? How would you want your superiors handling the situation if you were the user?
A lot of people come to us asking for help getting user buy-in for their awareness program. They have the budget for great training, they have C-level support, they have wonderful staff, they have the coolest LMS…. But they don’t make their training mandatory and therefore their users aren’t interested.
So I always ask them, “Would *you* take non-mandatory training?”
The answer is usually no.
“What would entice you to take the training?” I ask.
They hem and haw and mumble about policy.
Then they turn the question on me. “What would make you take the training?”
Without a moment of hesitation, my answer is always the same. “A free t-shirt.”
I’m not saying every organization needs to go spend thousands of dollars on American Apparel shirts with their logo on them (though if you do buy t-shirts, definitely go AA) but I am saying that if you can’t make your training mandatory and just force your users to complete it, why not bribe them?
Parents bribe kids to eat their veggies with the lure of ice cream.
Credit card companies bribe college kids to sign up for high interest rate accounts with the lure of conference-level swag.
Heck, I bribe myself to go to the gym. (1 hour of working out = 1 hour of Netflix!)
You can bribe your users to take educational (and necessary!) security awareness training with $5 Starbucks cards, pizza parties, casual Fridays. We’ve heard lots of different bribery tactics, from swanky (free iPads and iPods to the first 100 employees who completed it) to the cutesy (small plush versions of the company mascots to everyone who passed). Some companies bribe their employees with competition and prizes — the top ten percent of passing grades will get an extra day paid vacation — and some bribe with something small for everyone just for getting it done — a week of jeans!
Bribery has this negative connotation most of the time but when the goal is to encourage users, it can be a very useful thing. And if t-shirts are involved, I’m definitely for it. 🙂
– Ashley Schwartau, Creative Director
Ashley has been with The Security Awareness Company since birth. 😉 She started work in the production department back in 2003, and took on a full-time position in 2009 as senior graphic designer and e-learning developer. She took over the role of Creative Director in 2011 and has since been involved with every single client project – large and small – helping companies create and launch security awareness programs of all sizes.
Latest posts by Ashley Schwartau (see all)
- Here I Am: My Unexpected InfoSec Career Path - May 30, 2017
- Harry Potter and the Security Prophecy - May 4, 2017
- Use Gamification to Drive Engagement with Monthly Newsletters - January 12, 2017