Welcome to the SecAware blog

I spy with my beady eye ...

27 Feb 2013

Security awareness: it's easy, right?

Anyone can 'do' security awareness.  It's easy, right?  Tell staff to choose strong passwords, avoid dodgy websites, and comply with policies and procedures, and the job's a good 'un.  Bish bash bosh, is it time to go home already?

OK, smarty-pants: try writing something meaningful and worthwhile about information security for a non-technical audience, people who 'have things to do' or 'have a life', don't particularly care about information security, have limited attention spans and negligible vocabularies.

For a genuine challenge, limit yourself to the "ten hundred" most common English words.

If you can say what has to be said without it coming across as a condescending finger-wagging lecture to a six-year-old, congratulations, that's one hurdle cleared.  

For bonus marks, make it engaging, action-oriented or motivational in style, sufficient to persuade your audience not just to nod sagely as if they actually give a toss, but to ACT more securely - to BE more secure.  Overcoming the cynicism, lethargy and couldn't-care-less-ness of the average person takes a bit more effort, all the more so if you expect them to behave differently months down the line when the memories of your pep-talk have long since faded into the haze of a zillion other well-meaning advisories and warnings.


PS  My own attempt at the challenge failed on the very first word.  "Information" is evidently more obscure than I thought!

No comments:

Post a Comment