Do you feel your organization has already spent so much energy on Cyber Security and results are just getting worse? Perhaps your IT department has sent out dozens of communications and even required a painful security awareness video. Somehow employees are still falling prey to Social Engineering, especially document-sharing Phishing. If this sounds familiar, the simple answer is: ask your Marketing department for help.
Full disclosure here: there is no silver bullet to fix every aspect of Cyber Security. It requires time, money and a plan to address real technical challenges that criminals can easily exploit. However, if you ask your average technology professional it’s not the network security, server patching or some other highly technical activity that frustrates them. The number one challenge technology professionals will admit is dealing with the end user, otherwise known as employees.
If this sounds familiar, then my recommendation is to ask your marketing department for help. If you’re a technology professional, you could coordinate with your marketing department and run an awareness campaign. By starting out with a simple (yet effective) awareness campaign you will make a difference in one of the greatest risks your organization’s brand is facing. This is as much a marketing risk as it is a technology one. If you’re a leader of a functional area, you should pull your IT and Marketing leaders together and ask that they drive this campaign for your area first as a pilot and then, if successful, roll the campaign out to the rest of the organization.
Here are 7 critical components to an effective Cyber Security marketing campaign:
1. Identify and focus on the most critical Cyber Security threat. For most organizations, this will be phishing.
2. Don’t assume your employees know terms like phishing, know how to hover over links, understand how to identify spoofing or know any other common security vernacular.
3. Explain beyond the basics of the risk by focusing on the behavior(s) you want them to adopt.
4. As the saying goes, “A picture is worth a thousand words”. Show real-life examples of phishing and what not to click on in websites, emails, etc. Create posters and other visual communications to hang throughout your company/organization to reinforce your message.
5. Maximize your message by sending communications through more than one channel. Have your technology manager explain the seriousness of the threat to employees. Soon after, send specific instructions from your Help Desk on what employees need to look for and how they need to respond. At that time, ask each department to reinforce the Help Desk communications by adding a personal story.
6. After communicating, test the effectiveness of the campaign by using a phishing simulator such as Threatsim/Wombat, SecurityIQ, or your Marketing tool to gather the read rate and clicks on suspicious emails.
7. Publish the results by department. This final step creates a gamification or cadence of accountability that truly starts to change behaviors. No department wants to be at the bottom of the list.
By following these 7 keys to success you can transform a stagnant security awareness program to a clear, engaging and fun program. Repeat steps 4 through 7 until your organization completely addresses the most critical area or reduces the risk to an acceptable level. To increase the fun factor, turn the reporting into a contest with a simple prize such as a gift card, YETI Cooler or team lunch!