I have a confession to make. I really, really like banjos. In particular, I am a huge fan of Bela Fleck. Man, that guy can play! And when songs with banjos become popular (like Coleman Hell’s “2 Heads”) I feel particularly happy that people are enjoying an instrument that often gets dismissed.
So, I will tell you what I’ll do. I will take a page from 1995 and have my web page play banjo music in the background while you read. It will be a soothing serenade as you learn how to level up your security programme. Great idea, right?
Well, it sounds great to me. And that’s the problem…
Write For Your Audience
We all tend to make the mistake of assuming that everyone will like exactly what we do, and that’s why our messages get ignored. Communication is about the audience, not the messenger.
The fact of the matter is that this blog is not for me, this blog is for you. I need to listen to you before I can craft a message that is in line with what you want to hear. Especially if the message is complex, unpopular, or difficult to accept.
So it is with your awareness messages. Too often, people craft the ‘perfect’ message and end up with the same lackluster response as they always get. That’s because the message is only ‘perfect’ to the messenger’s ears.
The Upside-Down Poster
I recently saw an awareness poster that was a great example of this problem. I say “saw” but it was not that simple. Actually, I passed by it several times before I even realized there was a poster there. And then I passed by a few more times before I realized that it was a security awareness poster.
Now, you have to understand that I am a security awareness geek. I am very, very interested in all forms of awareness materials. For me to miss a large security awareness poster, after passing by several times, means that the poster really missed the mark.
Upon finally reading the poster, one glaring problem was apparent: it had the desired behaviour written in bold, at the top of the poster, and in the largest font. Down near the bottom, in the smallest font, was the phrase, “win an iPad”. The entire poster was written upside-down!
I can imagine the meeting that defined the poster:
“Ok, what message do we want to get across?”
“Well, we don’t want them to click on malicious links or attachments, so let’s tell them to ‘think before you click’.”
“Great idea. Let’s put that at the top, in bold. They will never miss it.”
“Ok, but we’ve sent out messages like this before and people still click on random links. We need some kind of training.”
“Hm. Let’s buy some phishing training programme and we can use the poster to advertise the training.”
“Great idea. We can accomplish two messages at once.”
“But no one is going to want to go through yet another corporate training session. We need an incentive.”
“Oooh. I like that. What’s a popular giveaway right now?”
“iPads are always good.”
“Then let’s do that. ‘Think before you click’, then ‘Take phishing training’, and then, to get them to take the training, ‘Win an iPad!’”
“Perfect. Send it to the Graphics Department.”
I can imagine this meeting because I have done the very same things. I get so caught up in what I want, that I neglect what the audience needs.
There’s a lot that could be done to make this ‘upside-down poster’ better, and I will cover those things in later posts. But the first mistake that caused the rest of the mistakes was that the awareness team wrote to satisfy themselves, not their audience. Even though they went through the effort to give away an iPad, they missed the opportunity to connect with their audience.
The easiest thing that they could have done to make the poster 100% more effective (and get far more people to act) was to write it ‘right-side up’:
Win an iPad!
Take part in our new phishing simulator to learn how to protect yourself from attackers. When you do, you will be entered for a chance to win a new iPad.
Always remember: Think Before you Click!
Then, the message “Think Before you Click!” could be repeated, in bold, in all interactions with each individual, both in the phishing simulator and then in any related emails. And they will see that message because they opened the lines of communication for this message.
That’s a message that won’t be missed. That’s how to have a lasting impact.