There is a tried-and-true principle that helps guide a successful security awareness program – until something matters to someone personally, they will never change. This speaks to an important part of all security awareness efforts – answering the question: why should they care. That’s why there is an ongoing need to keep your security awareness program RELEVANT to the individuals in your firm.
Part 2 of this series: Keeping Security Awareness Relevant.
Practical Ways to Keep Your Program Relevant:
- Make it personal. Tie all security awareness communiques to its personal application for the individuals in your firm.
Give people what they need to be successful. Don’t just tell them scary stories or things not to do. Provide practical actionable guidance on what they can do in the face of ever-changing security threats. - Use current events – without driving fear. The news (industry-specific, regional, national, and international) is full of current events that can help drive awareness of the need for good security hygiene. The challenge is not to “scare people straight” with the information, but rather relate it to why security best practices should be on people’s mind as they do their job and live their lives.
- Audience you message. Not everything matters to everyone the same way. Along these lines, consider who should send the message. Not everyone listens to the same people the same way.
Get testimonials and stories from your firm. This brings the message of security awareness closer to home and closer to front of mind. - Use specific stories that are relevant to law firms and law firm personnel. While some generic security guidance is helpful, tailoring the messages and information to law firms and law firm personnel gets their attention more quickly.
- Empower your people to respond. Remind them that EVERYONE is part of the security effort of the firm. Remind them regularly who to call, who to email, and what to do in the event of an incident or a security-related question.
- Deal with resistance. Invariably, there will be pushback on participation in a security awareness program. This is most noticeable when you are asking people to DO something (like attend an event or consume learning content). Keep in mind that resistance is not bad. It is an indication of something. Listen to them and ask why.
- FINALLY, the pièce de ré·sis·tance. Give them practical tips and useful information to help them in their personal lives. Give them advice for their home, travel, family, and finances. Give them best practices for protecting their identity and the things that matter in their lives. This will win the hearts of your people and not just the minds.
Next will be the final in the 3-Part series – Part 3: Keeping Security Awareness Sustainable.
Reminder: If you need help getting your security awareness efforts off the ground or achieving all three goals with your security awareness program mentioned in this series, we’re here to help.
Kenny Leckie
Senior Technology & Change Management Consultant
In his role as Senior Technology and Change Management Consultant, Kenny provides thought leadership and consulting to the legal community in areas of information security/cybersecurity awareness, change management, user adoption, adult learning, employee engagement, professional development, and business strategy. He also works with clients to develop and deploy customized programs with an emphasis on user adoption and increased return on investment. Kenny is a Prosci
Certified Change Practitioner, a Certified Technical Trainer and has earned the trust of firms across the US, Canada, The UK, Europe and Australia.
Kenny has more than thirty years of combined experience as a law firm Chief Information Officer, Manager of Support & Training, and now consultant providing him a unique point of view and understanding of the challenges of introducing change in law firms. He combines his years of experience with a strategic approach to help clients implement programs that allows focus on the business while minimizing risk to confidential, protected, and sensitive information. Kenny is an author and speaker and a winner of ILTA’s 2018 Innovative Consultant of the Year.