Editor's Note: Bridget K. Brown manages the Global Information Security Awareness program for RGA Reinsurance Company. She is one of the speakers for the upcoming US Security Awareness Summit in Philadelphia August 19. Below she discusses her talk on leveraging storytelling to change user behavior.
"Tell me a fact and I'll learn. Tell me the truth and I'll believe. But if you tell me a story, it will live in my heart forever." -Native American Proverb
What is your favorite story from childhood? Was it a book? A nursery rhyme? Something a parent crafted especially for you? Or maybe it was a favorite movie?
Got the name of it? Of course you do!
Now what was the lesson that that story taught you? To share? That greed is bad? That the "force" will always be with you??
Storytelling has been with us since the beginning of mankind. Before movable type, it was the way in which our ancestors educated their offspring and passed down lessons of family, history and learning. Broadway just had its greatest year ever. Many say we are in a "golden age" of television. And the movie and literary industries don't make billions of dollars a year because no one likes great stories. But what does that have to do with Information Security?
All too often Information Security Teams become "The department of ?NO'", telling users what they can't do instead of telling them why they need to modify their behavior or empowering them to do so. Indeed, even when they do provide the "why" it doesn't come with the inspiration to make behavioral change. For instance, "Change your password every sixty days and always make it complex so that people can't guess it and hack your account," tells you 1) what to do; and 2) why. But it does it really make you want to go do it?
At the summit, you will learn how to craft messages that stick with your users by using basic storytelling techniques and constructing stories which are compelling, contain a call to action, and consequently generate change. This includes concrete examples of when and how to use stories and how storytelling can aid highly technical thinkers in getting to the point of the message. There will even be examples of quick stories that can be used in posters and branding for awareness events.
Now, did you hear the one about?
Bio: Bridget K. Brown currently manages the Global Information Security Awareness program for RGA Reinsurance Company, and handles communications for RGA's Global Risk Services division. She is experienced in the creation of information security awareness strategy, communications and training; as well as data protection, compliance and change management communications and training. Along with her background as a professional actress and playwright, her constant drive to create new and interesting ways to say, "Don't click on that!" has led to an extensive knowledge of design, advertising and storytelling. She teaches these principles to Computer Engineers as an Adjunct Faculty member of Washington University of St. Louis's Graduate programs in Cyber Security Management and Information Systems Management.