When marketing goods or services, every company’s success largely relies on their brand awareness—a measurement of how recognizable their product is to consumers. When we shop, the product we choose is often one we’re familiar with—some combination of name, logo and colors (among others). Being recognizable is a key component to the long-term success of a company.
This is also true of your security awareness program (SAP). Even if cybersecurity training is required for your organization and employees—meaning your “customers” in this case have no choice but to buy the product—you are still selling them a service under the context of awareness. In other words, the more your employees buy into your security awareness program, the less likely you are to suffer a data breach. So the better your brand awareness, the stronger your resistance to cybercrime.
Your SAP Is A Brand That You Are Selling
What do you think of when you see the following image?
For 99 percent of people, only one thing comes to mind: Nike. Nike has a done a tremendous job of developing their brand and the awareness of their brand. The Nike swoosh is one of the most recognizable logos across the globe.
Believe it or not, your security awareness program is a brand, just like Nike. It’s a product that you are selling to your organization, just like Nike’s shoes. In order for it to be successful, you need to treat like you would with any business.
The success of your program relies on the participation of your entire organization. Merely “checking the SAP box” is a sure way to fail. Meaning, simply making your employees take a course or watch some videos and take a test might satisfy various compliance or requirements, but that is a far cry from creating actual cyber awareness or encouraging a culture of learning, and ultimately a minimalistic approach leaves you vulnerable. The application of knowledge is the difference between information and common sense—the former is almost useless without the latter.
The goal is to get your employees to buy into your brand of security awareness training. In order to do that, your materials need to be interesting. They need to be consistently recognizable. And most importantly, they need to be rewarding.
When a consumer buys Nike’s shoes, they are rewarded with a feeling of trust, of credibility that the product they bought is of high quality and authentic. Those shoes not only look good and are comfortable, they also bear that ever-important Nike swoosh. Without the swoosh, the shoes wouldn’t stand out, regardless of quality.
When a consumer buys a product, they expect a return of some form on their investment. SAPs are no different. If your employees don’t understand why cyber awareness is important on a personal level, they won’t care and won’t learn. If your material isn’t recognizable and interesting, your users won’t be able to make connections to previous training sessions and won’t recall information. In the end, the SAP is less effective and everyone loses.
By focusing on your brand, you will not only achieve a higher participation rate, but everyone in your organization will be able to apply knowledge at a moment’s notice—which is what cyber awareness is all about.
Recognizing Your Competition
Of course, since your SAP isn’t competing against Nike or in a commercial marketplace of any sort, it doesn’t have a true competitor. You have a monopoly. But that doesn’t mean competition doesn’t exist. Here are three things every security awareness program is competing against:
- Attention Span – According to research conducted over the last several years, scientists say the age of the smartphone has left humans with an attention span shorter than that of goldfish. While the sample size is small, at least one major business is taking note and adjusting their product accordingly. Adam Silver, the commissioner of the National Basketball League, recognizes consumers’ short attention span as a threat to his product and is considering shortening games. What’s interesting about that is the NBA is a commodity, and a popular one at that. Your SAP is not. Thus, your employees’ attention span for required training will be almost nonexistent.
- Recollection – Brand awareness is often defined as the extent to which consumers are able to recall a brand. When shopping for goods or services, they are much more likely to select one that they remember seeing or hearing about. If your SAP is boring, in black and white, with no illustrations or interesting graphics, what’s the likelihood that your employees will retain the information you are selling them? If you want your SAP to fail, be boring. Be unrecognizable. Remove the swoosh.
- Resistance – Believe it or not, your employees probably have no interest in participation of awareness training, especially for those in regulated industries such as healthcare. They view it as a distraction or an inconvenience. They may fear failure or participation. They may have strongly established habits that are resistant to change. Breaking through these barriers is a fundamental challenge your organization faces with cybersecurity. View brand awareness as a delivery method that assists your agenda.
Improving Your Brand Awareness to Improve Your SAP
So how do we tie all this together and apply it to your SAP? It certainly goes well beyond having an iconic logo, although an easily recognized logo (or mascot) is a great start. But we can do so much more.
Develop a color scheme. Did you know that yellow is psychologically the happiest color in the spectrum? There is a clear and proven relationship between colors and brand identity. Choose colors to create a theme throughout your training materials and activities. You want them to stand out but not be distracting. Here’s a guide to get you started: