Where to Start?Follow these steps to help you build and manage an awesome security awareness program. These eight steps will help you get on the right track to shifting your users’ mindsets and changing behavior. Pretty soon you’ll have a whole team of human firewalls!
1. Assess your NeedsWhat are your goals? What compliance guidelines affect your organization? How many users? Do you need to train contractors and remote workers? Do you have a global presence and need for translated materials? Do you need an LMS or hosting solution?
2. Examine Management and CultureDoes your company culture encourage humor, games, contests, or other fun learning methods? Do you have strict brand guidelines that must be followed internally? Does your company already encourage professional development for employees or will there be pushback for more training?
3. Set Realistic GoalsWhat are you trying to accomplish? What would you like to improve? Do you want to create a company culture of awareness? Do you have a specific measurable goal of reducing calls to the help desk by 15%? Do you want to just meet compliance regulations or actually educate your users? Make sure everyone is on the same page regarding the goals of the program.
4. Determine a BudgetThis is often the trickiest part. How much money are you allowed to spend to make this program amazing? Does the budget cover the cost of the training materials themselves or additional staff to help manage the program? Does the budget include a hosting solution? Enough licenses for all your users around the world? Do you need translations?
5. Create a GameplanDo you have a launch date? Take time to plan! You can’t do it all at once. Create a content calendar, release schedule, and an assessment plan. Predetermine how you will host the training, what types of training you’ll use, how much of it will be mandatory, what you’ll give your users in exchange for completing it, etc.
6. Launch the CampaignYour plan is set, you’ve created or purchased materials, and you’re ready to launch! Make it fun, shout it from the rooftops, use email and the company intranet and posters around the office. Hang art in the ‘facilities’ and public areas. Get creative! Make a big deal about it.
7. Track MetricsIf you’re using interactive elearning modules, how are you tracking user participation? What happens to people who fail the assessments? Do you track who opens the weekly email blast or who downloads the monthly newsletter? Who’s in charge of analyzing the data you collect?
8. Make AdjustmentsUsing the metrics you’ve collected, see where you’re improving and where your users still need help. Do you need to make more of the training mandatory? Are the assessments too hard or too easy? Would your users react more favorably to games or animated videos? Get feedback, tweak the system, and go forth.
9. Rinse and RepeatTreat your awareness campaign like a marketing and advertising campaign. Does Coke run just a few commercials a year? Do movie companies only run one trailer for upcoming releases? Subway ads, billboards and window displays change regularly to send consumers the same messages in different ways. Once you’ve followed steps 1 – 8, start again. Awareness is a dynamic process, not a thing. Re-assess your needs, update your goals, and make improvements to your campaign.
Our ResourcesFree Content Archive
The SAC Blog
Digital Marketing Assistant at The Security Awareness Company
After starting out creating digital and print marketing for a real estate company, Meg now assists in keeping up the marketing needs for SAC. When not working she's probably watching a good movie or indulging in local art and music.
Latest posts by Meg Krafft (see all)
- NCSAM Today’s Predictions For Tomorrow’s Internet Infographic - October 17, 2017
- NCSAM Simple Steps to Online Safety Infographic - October 1, 2017
- Top Tips to Creating Your Own Information Security Policy Training Program - September 28, 2017