I've been talking about simplifying our awareness content, making the materials more actionable, more direct in style - and here's an example.
Dipping into our stash of awareness content I discovered an awareness briefing on "Data backups" written six and a half years ago. It's not a massive tome, just a single A4 side of information, and the content hasn't aged significantly (although "PDA" is not an acronym we hear much these days!). But the written style needs some adjustment.
The original started out with a summary:
"IT Department makes regular backups of data on the network drives so computer users must either store all their information on the corporate network, or make alternative backup arrangements. Make sure you have good backups before it is too late."
The first sentence is passive, referring to "computer users" in the third person, rather than speaking directly to the reader. I have railed before about the term "end user" being used by IT professionals as a disparaging term with vague connotations of drug addiction - not exactly a flattering way to refer to our work colleagues! The second sentence is much more direct: it's a keeper.
Moving on, the next section headed "Why backups are so important" set the scene by outlining typical situations where computer data might be lost or corrupted, such that the only feasible response is to restore from backups - not a bad little list of incidents (malware, bugs, hackers and physical loss/damage), one we can re-use easily enough. It's a set of bullet points, quit succinct.
The next section gave advice: this took two substantial paragraphs making a big block of text. I've rewritten that to another set of succinct bullet points, more direct and action-oriented.
Finally, we end the piece with our usual bit about where to go for more information or help - it's just boilerplate, replaced now with the current wording.
Comparing the two briefings side by side there is an obvious difference: by reducing the block of words, we've found room to insert a graphic, with the text wrapped neatly around it.
You can't easily tell from these thumbnails but the font is different too, giving it a more 'modern' look, and we've moved the NoticeBored logo to the header: we're hoping customers will swap it for their own security awareness logo anyway.
So that's most of the update process for this document, mostly changing the style, look and feel of it. I'm checking and revising the wording as well to make sure it reflects current thinking, on cloud backups for instance and ransomware. All in all, I feel an hour's work has clearly improved the original, drawing on my 6½ years' additional experience at writing.
So what do you think? Worth the effort or a waste of time? What else could I have done?