Friday, 28 December 2012

Why Information Security Awareness Doesn't Work

Although even saying this seems somewhat counter-intuitive, I wanted to hit this head on. The fact is, any kind of awareness or training will work if done properly.  However - the training and communications industry is full of snake oil salesmen (and women) who will expound the noble art of metrics, structure, technologies, and systems of working to deliver you those incredible changes in behaviour.

In my humble opinion, they are missing a fundamental link between what we need people to do, and what they want to do.  It's simple. Give them what they want. Whether it's entertainment, advice, tips, tricks, shocks - whatever.  Just ask yourself "what would they be doing at home right now?". This will give you ideas as to what you need to offer them for their attention.

In this short film we asked the "characters" from our soon-to-be-launched campaign series (the first of it's kind to be commercially available to anyone) why they thought the main delivery mechanisms for information security awareness and training didn't work. 

Its fair to say - not all of them understood the questions.

What do you think? Why do some things change behaviour, and some things are just a waste of everybody's time, and a tick in a box for the compliance police...

1 comment:

  1. I read lot of articles and really like this article. This information is definitely useful for everyone in daily life. Fantastic job.

    OET Coaching for Nurses in Adelaide
    OET Training in Adelaide
    OET Coaching in Adelaide