Is your workplace experiencing information fatigue? If not, I'm sure others around you are. This fatigue branches from the many methods of communication used by projects, business units, and company updates to reach our staff, peers and partners. Trying to be heard causes each corner of the organisation to compete for your limited information capacity outside of getting your job done. An unfortunate outcome of information fatigue is that people often become very focussed on what channels they are willing to tune into (and tune out of) to avoid complete overload. Sadly, this is also a key challenge when it comes to security awareness - with those who most need to hear your message often being tuned into other frequencies.
It is often said that there is a market for every product and service - if people aren’t ‘buying’ what you’re ‘selling’ it’s down to marketing to the right people in the right ways. Often we limit our messages by broadcasting high level blanket advice to reach the whole company, but don’t consider the readership. There must be a better way.
So how can you inspire people to want to tune into your messages? You can start by tailoring communications to very specific audiences or tailoring to very specific channels (or both). Broadcasting wide, general messages can fall on deaf ears. So, what about these examples:
1. Reach Execs with some very specific security calls to action via a channel they are already tuning into - like a Monday morning update from their assistant (there’s a whole other blog in the value of Executive Assistants in the path to more secure organisations…..they need to be your champions!).
2. Target call centre staff with specific, actionable messages about customer related security delivered at their daily briefing.
3. Participate at the HR offsite – you should definitely be a guest speaker but then… get out there and show them your [insert embarrassing team bonding exercise here]skills while becoming more visible and gaining their trust in your commitment to the organisation.
4. Consider publishing a blog or a podcast (or a blogcast) to capture an audience who love this medium to consume information. Make it relevant, timeless and inclusive – who doesn’t want to be interviewed about their contribution to securing the organisation!
5. For those involved in projects (especially consultants/contractors), often they tune out of anything not project related. In this case, you need to find an avenue for security updates in their regular communication channels and make sure your messages are valuable to the project.
If this all sounds like hard work….it is. Writing the policies and conducting audits is the easy part. Getting people to listen, and take action, requires some sweat. Take your messages to the people, concentrating on what’s in it for them - so it becomes the information they want to consume and aligns with their way of working. Make it personal and memorable. If we want our messages to feel less ‘compliance’ and more ‘alliance’, take the time to tune into different parts of your organisation so that you can leverage the right communication methods for your audience. When it comes to being heard…are your messages being tuned in, or tuned out?