- Blog
- Marketing and Communications
Marketing and Communications
Published on April 19, 2010 by Karen Letain in Marketing and Communications
I was reading Seth Godin’s blog entry today http://sethgodin.typepad.com/ (yes…he is a marketing guru and no he is neither an education psychologist nor does he have a PhD in Education, at least as far as I know). Seth is a best selling author, entrepreneur and agent of change. So what does this have to do with Security Awareness training or any training for that matter? For any corporate training to be adopted by an entire organization you need to understand how to market it effectively.
A sentence that Seth put in his blog today really resonated with me. It is as follows:
If you're having trouble persuading people to buy what you sell, perhaps you should sell something else. Failing that, perhaps you could talk about what you sell in a different way.
This can be applied directly to your security awareness training. Let’s give it a try:
If you're having trouble persuading people to take security awareness training, perhaps it is time to try something else. Failing that, perhaps you could talk about the training in a different way.
Security awareness training is an essential part of an organization’s yearly training regime and if you are facing resistance from end-users in taking the training then perhaps it is time to try some fresh content, videos or even games to make it more enjoyable. If you are currently conducting your awareness training via an instructor-led model, perhaps it is time to look at e-learning or even just add in some video or gaming type exercises into your existing structure.
Published on February 15, 2010 by Karen Letain in Marketing and Communications, Planning
To win the gold...a corporate security awareness program aims to make all the employees understand and appreciate not only the value of the company's information assets but also the consequences in case these assets are compromised. In theory, the process is straightforward and painless. But as every IT/security manager knows, in real life, an awareness program can be a huge headache - especially in a large enterprise.
How do you plan correctly when implementing a security awareness program? How do you determine what tools will be effective in your organization? And...how do you create a winning program that wins a gold in terms of making everyone aware?
A couple of simple rules:
1. Do the training yourself - ensure that you do your research. Understand how employees use the syetms and for hat purposes, who has access to what and why? Understand the dynamics of your organization. Be well versed on the policies, goals and initiatives within your organization that might impact the program.
2. Get executive buy-in - without the right buy-in you will not succeed...period.
3. Create a focus group - get individuals from each department involved in the process so they can help you to build the right messaging and communicate effectively to the different groups within the organization.
4. Communicate, communicate, communicate again - use different techniques to get the message across. Be succinct and clear in all communications used and ensure that a regular frequency is maintained throughout the year.
5. Above all...make it FUN! In general, people are frightened about security breaches and risks. Try to remove the scary aspect by getting them involved.
6. Lead by example. Act swiftly and communicate rapidly if a security incident occurs. Ensure you are adhering to the policies within the organization and take every opportunity to communicate and reinforce the awareness message.
We would welcome your input into this conversation. Let us know what methods you have used to get that additional "edge" to create a wining program.
Published on January 15, 2010 by Karen Letain in Marketing and Communications, Planning
I had dinner with a good friend last night and the discussion, as usual, lingered toward work-related topics. The company that she works for (a large multi-national company) recently decided to enforce a clean desk policy for security purposes. Nothing wrong with that, except; this company did it to the extreme. Employees can not have even a small amount of anything on their desk. If they do happen to leave an item on their desk, a note goes into their employee file and points are taken off of their quarterly employee assessment which is directly tied to bonus and payment increases. Obviously, this has all employees grumbling and complaining and wondering if next they will be subject to body searches in order to go use the washrooms.
Had the company instead, communicated effectively with their employees through perhaps a well constructed campaign employees would have been able to understand and even, dare I say it...embrace the policy with the understanding that they are assisting the organization in maintaining a stellar level of security protection. Instead, the drastic measures of affecting their personal performance indicators has only led to an employee based frustrated and angry with their employer. How would you have handled it?
Published on May 25, 2009 by Lise Lapointe in Marketing and Communications, Planning, Reinforcement Tools
You’ve identified the need for an ISATP, but now you’re trying to put together an effective plan that will ensure measured success and results for your organization. The success of your ISATP is in the planning of all stages of the training project. Training is a cyclical and ongoing process and should be treated as a project that has many phases and is continuous. Most organization’s engage in ISATP because they need to meet certain guidelines or compliancy standards. What many fail to realize is that in order to change employee behaviour within an organization you need to train continuously.
It is then essential to treat an ISATP program like any other information technology project. Behavioural change is not easy and requires continuous reinforcement. You need to create a project, assign a project manager, and recognize a project champion. Creating a project includes defining business objectives and scope (what’s included and what’s not) in a document. The document needs to be clearly defined and must appoint those who will be held accountable. The document will then act as a guide from planning to implementation to the effectiveness of ISATP outcomes.
Read More
