Why you should run your security awareness program like a marketer
Category: Best practices, Security awareness
April 16, 2019
Mandatory, compliance-based security awareness training checks a box. It does not guarantee that your workforce is prepared to detect and report cyber threats such as phishing attacks and it certainly doesn’t encourage employees to see your organization’s data and security as their personal responsibility.
If your goal is to train your workforce to identify, avoid and report the security threats your organization faces, you need more than a checked box. You need a security awareness and training program that weaves security into the culture of your organization by teaching employees to recognize attacks and adopt security best practices.
It’s easy to discuss the perfect security awareness and training program that grabs the attention of your entire workforce and inspires employees to treat security as their personal responsibility, but it’s a lot harder to make it happen. Luckily, there’s a proven way to do it.
Marketing 101: Run a layered campaign
A marketer’s job is to grab the attention of an audience, promote engagement with a message and, ultimately, inspire the audience to take a certain action. They do this by running layered campaigns that carry an engaging, recognizable theme and deliver a consistent message across multiple communication channels. It sounds complex, but the idea is simple. Be entertaining, deliver a clear, consistent message and reach your audience frequently through the communication channels they use most.
Why reinvent the wheel? Security professionals can adopt this basic marketing principle to transform an otherwise routine and easily dismissed security training program into a campaign that employees actually want to engage with.
Running a layered security awareness campaign isn’t just fluff. It really works. Many organizations rely on dedicated security awareness practitioners to run sophisticated security awareness campaigns built to go beyond the compliance checkbox and instead, build security into the culture of the organization.
What if you’re not a marketer or dedicated security awareness practitioner?
Dedicated security awareness practitioners have the time, budget and resources to build and execute an entire layered security awareness campaign. But what if security awareness is just one of your many responsibilities and you don’t have time to build your own program? What if you’ve never run a layered campaign, don’t know the best way to communicate your message or don’t even know where to start?
You can still run an engaging, layered security awareness and training campaign. You just need a little help. That’s why we created the security awareness campaign kit.
What’s a security awareness campaign kit?
A security awareness campaign kit includes all the resources you need to assemble an entire layered security awareness campaign. Along with training materials, infographics and posters, a campaign kit includes pre-written email templates, a communication calendar and a step-by-step guide to help you launch, manage and measure the success of your campaign. Security awareness campaign kits carry a single, consistent theme and provide useful suggestions to help you customize your campaign to build a program that works best for your organization (and actually changes behavior).
The Marine Lowlifes security awareness campaign kit
Meet the Marine Lowlifes, the most dangerous phish lurking in your employees’ inboxes. This campaign focuses on the dangers of phishing emails and what your employees can do to identify and avoid these attacks. The Marine Lowlifes campaign kit includes a contest, training modules, posters, infographics, digital banners and a full set of email communications to help you deliver a consistent, phish-themed message every week.
Download the Marine Lowlifes Security Awareness Campaign Kit for immediate access to all Marine Lowlifes training content.