Security awareness campaigns can be delivered using the SnapComms messaging platform as interactive sequencing screensavers, pop up messages (with repeat and acknowledgement options), scrolling headlines engaging pop up quizzes and surveys. Even desktop wallpaper can be rotated and published directly onto screens.
The SnapComms RSVP tool provides reminders for employees to register for security training sessions and includes escalating, consecutive alerts to those who have yet to register as training dates approach. Following training, SnapComms' pop up surveys and quizzes collect feedback and reinforce learning.
Pre-scheduled security awareness content. Scheduling, repetition and expiry options ensure security awareness content remains fresh with maximum impact.
One of the main advantages of SnapComms messaging platform is its security ‘campaign’ feature. This enables a bundle of messages around the same security topic – such as phishing, passwords or social engineering – to be scheduled and later reported on.
These messages, which can be created in a variety of appealing formats, are followed up with a ‘validation’ piece to assess employees’ understanding. With this insight, managers can address any knowledge gaps.
Compulsory comply – employee has no option but to agree/comply
Option to comply – employee can choose yes/no to comply
Nurture only – educational/informational communications
Validation – validate the employee’s knowledge and obtain commitment
It’s all about selling. Think of your security awareness campaign as a sales campaign or a marketing campaign. For maximum impact you will need to engage people with messages and connect on an emotional level.
Connect to 'Hot Buttons'. Ask employees in your different target groups about the security issues and behaviors they see in their areas of work. The SnapComms visual survey tool allows you to target surveys with repetition options to key target audiences (and it is available as an on premise solution unlike survey tools such as Survey Monkey). If you are already communicating and behaviors are not changing, ask people why they didn't change their behavior. This will help you to understand their motivation and connect to their “hot buttons”.
Start with why. Enforcing security measures such as switching off HTML or removing auto complete on email can be helpful but engagement and behavior change increase when the employees understand the reasons behind these restrictions.
WIIFM (What’s in it for me?). Run campaigns showing employees how to protect themselves in their individual lives for example how to protect the home computer, keep kids safe online, check for viruses etc. By engaging employees in the concept you can then broaden the concepts to the wider organization.
Use storytelling. Use storytelling to drive a hero mentality and use recognition for “security stars”. It doesn’t need to cost much, for example movie tickets, a mention in the company newsletter or a screensaver feature. Share “I got hacked” stories (e.g. as visuals on screensavers) to engage people on a personal level to illustrate key points and show how it is easy to fall victim.
Use senior leaders to help you. Sharing stories from the CEO and other senior leaders can be a great way to make people feel comfortable and to communicate simple ways to report security issues. Use face-to-face or video messages to convey these types of messages. The SnapComms video alert tool allows you to target specific audiences with different types of video content, to repeat reminders for unviewed videos (to ensure maximum views) and to measure the audience engagement.
Challenge feelings and beliefs of safety. Employees may underestimate the risk of using the Internet because they feel in control but often attacks are silent and the victim is unaware of it. Employees may not know this and raising awareness of risk is an important aspect of a security awareness campaign.
Repeat key messages in multiple channels. Sending employees on a long training course can be very time-consuming and expensive. Consider repackaging key information into bit sized pieces and reinforcing messages through multiple channels. This allow you to communicate more effectively and with less impact on day-to-day operations.
Repeat whole campaigns. You can minimize cost by reusing and repeating messages and cycling key themes / campaigns over time. SnapComms allows you to create a library of resources for security awareness and campaign management features and the content calendar tool allow you to reuse messages and campaign elements as required.
Use past security breaches as learning examples. Provide examples of real security incidents (internally or at other organizations) and “gamify” by running quizzes of what should've been done in that situation. The SnapComms quiz tools allow you to deliver visual quizzes onto desktop and mobile devices and to run supporting leader boards, scrolling updates and notifications to keep energy levels and interest high. SnapComms employee gamification tools.
Focus on the “must policies”. Not everything can be a “must” and not all “musts” are equal. Focus on the issues most likely to happen and/or with the biggest risk. You need to decide what NOT to communicate. An effective awareness program helps people understand key security policies (not to know everything possible).
Think short bursts. Treat security message titles like headlines to grab attention and then take time to summarize the body content into short punchy and easy to digest formats.
Measure current levels of awareness. SnapComms provides a desktop and mobile “pop-up” survey tool with repetition and escalation options for uncompleted surveys to ensure high participation rates.
Define behavior changes required as an outcome of the security awareness campaign.
Measure the impact. The SnapComms suite of tools also allow you to measure the impact of the internal campaign (from readership levels to how behaviors change).