In a previous post we discussed the challenge of communicating security awareness in your organization Specifically, if your training is a scheduled event you will average no more then 5% show-up rate. For your training to be effective people need to be able to take it when they want from wherever they want. I mentioned at least four different methods that I have seen work well; online videos, blogs, newsletters and stickers. Today I will cover newsletters. What I like about newsletters is the following.
- First, and most importantly people can read newsletters on their own time, this is content they can take anywhere with them, either in digital or paper format.
- Newsletters make a great reinforcement method as they can go into greater detail then a video or blog.
- Newsletters are very in-expensive to create and distribute. This is an effective resource you can create yourself.
- Be sure to include references, stories or statistics in your newsletter that apply to your own organization. Recently had a security assessment? Share some of the highlights of the result. Recently had a phishing incident? What did people do right or wrong? The more information you share specific to your organization, the more engaging your newsletter.
- Keep it short and non-technical, I recommend no more then two pages. It never hurts to have a high-impact image in there.
- I suggest distributing your newsletter once a month. Anything more and it is hard to maintain quality and people get overwhelmed with information. Anything less and there is too much of a time gap between the reinforcement.
If you do not have time or resources to develop your own security awareness newsletter, consider subscribing to OUCH! This is a free security awareness newsletter developed by SANS senior instructors and a board of editors and translated in over ten languages. You are free to distribute this newsletter internally as part of your awareness program.