Security Awareness – Don’t Just Train…Advertise!


Information Security Awareness is an Everyday Activity…An Advertising Approach Can Help!

It’s well known that the human factor accounts for the vast majority of information security incidents. So, in addition to all the dollars being spent on technology solutions, companies typically spend the majority of their efforts on training, tracking and measurement. I get that the 100% completion rate serves a purpose, but the majority of training deployed is tedious and preachy and isn’t actually educating anyone. In fact, it often leads the employee feeling resentful. They’ll forget the lesson and remember how you and your department made them feel! If the goal is to win employee mindshare, change behaviors and mitigate risk, an advertising approach can help. This is because of a very important, sophisticated scientific principle:


FREQUENCY MATTERS: Smart, intelligent people still screw up. That’s in part because knowledge and understanding is only part of the equation. This is why even great, fun, interactive training doesn’t get at the root of the issue. Advertisers use the term “Effective Frequency” to refer to the number of times a person has to see something before taking action. Annual training and quarterly push campaigns aren’t enough because the relevant info will not be top of mind at the time of need. If you want to integrate your messaging into the culture, you need a regular cadence of simple, positive, interesting communications. This means more than just monthly newsletters. It means finding ways to show up where employees already are and that means, working with other departments to get them to integrate your messaging within the business. Regular vitamins are more effective than training inoculations. Strive to make your messaging ubiquitous. Here’s why.

  • Short Attention Spans: Now 7 seconds…shorter than a goldfish.
  • The Forgetting Curve is Steep. 87% of corporate learning is lost within the first month.
  • Limited Working Memory: This is the temporary storing of information for reasoning and decision making. You need to have messaging top of mind when the situation for needing that info occurs.


Upping your frequency is a great start. However, if your messaging is dull and boring, you may not get the results you are looking for. They will tune you out! That’s because:

INTERESTING MATTERS:  Cyber security programs need to start taking advantage of the many company communication channels available, but to get “air time” you need to have something fresh and interesting to share. Nobody likes the finger-wag. A regular stream of short, preachy communications can lead to message fatigue and resentment. Boring messages will go unnoticed and will be quickly forgotten. We know that frequency matters, but its also important to communicate in interesting ways. It’s not about being funny…it’s about standing out and getting attention, bridging connections, being memorable and winning them over. More communication channels will become available to you if you have something interesting to share. Get creative. Be interesting!

  • Emotional Connections & Retention: Music & humor makes emotional connections and tends to have a higher content retention rate.
  • Breaks Down Barriers / Builds Bridges: Laughter comes from shared recognition and makes tough-to-get-at topics more accessible. Humor is a great technique to highlight and comment on things that are true. It’s great for opening up conversations, bridging alignment and building trust.
  • Some Examples: The Fun Theory Airline Safety Videos



DON’T JUST TRAIN…ADVERTISE! – People forget stuff. Knowledge and understanding is only part of the equation. You need to have messaging top of mind when the situation for needing that info occurs. That can be solved by communicating more frequently.

SHOW UP IN MORE PLACES – Partner with your business colleagues to integrate your messaging within their communication channels. Place messaging where employees already are – other department newsletters and websites, screen savers, video message boards, social collaboration sites like Yammer, Jive or Slack, high-traffic areas (bathrooms, whiteboards, break rooms), sales meetings agendas and pre-meeting slides, webinar/conference call waiting rooms, leave voicemails, etc. Get creative. Communicate frequently to have a more consistent positive presence and increase the likelihood the the messages will be top of mind when problems occur.

COMMUNICATE DIFFERENTLY – Complex, scary topics can be inaccessible. People’s eyes gloss over. Look for opportunities to communicate differently…positively and in entertaining ways. Take a look at how your policies are written, the tone of your training, what your intranet site looks like, how your emails are written, and how you talk to people. Spend the extra time to make you, your policies and your program more accessible.  People won’t go to the office of “no.”

KEEP IT SIMPLE – Employees are busy, have short attention spans and limited working memory. Keep messaging simple. They won’t remember everything, so focus on giving them simple tips on what to do, tell them where to go for more info and let them know that it’s okay to ask for help. Think of your messaging as an advertisement so they get the idea but know where to go for more info.


Contact L&E to view our library of short, entertaining employee engagement and awareness communications. Over 150 “commercials” that engage employees in 75 seconds or less.

* * [email protected] * 872.302.7529

More Thoughts While Shaving