Security Awareness Blog

Guest Post #2 - Leveraging Social Media at Diageo

Editor's Note: John Haren is the Head of Information Security Governance, Risk & Compliance at Diageo and has responsibility for the company's Security Awareness program. Below is part two of a series where John describes how Diageo is leveraging social media to engage staff and help drive their awareness program.

In my previous blog post I discussed how we have used Yammer at Diageo to help me both deliver content and get some engagement with the end-user population, to facilitate their asking questions and drive a two-way dialog between them and our security team. I introduced the concept of a "YamJam", which is a planned & structured interactive session on Yammer, effectively an open meeting which takes place on a designated Yammer group at a particular time.

We had seen how effective Yammer had been for communication but we wondered whether we could take it further and use it to facilitate conversations on a larger scale at a point in time. I saw this like a concentrated social media session where, instead of dipping in several times a day (or week), all of the interaction happened within an hour, and all on the topic of Information Security. We decided to give it a go and see what the outcome was.

The first Yamjam we ran, a smaller one, was with about 50 people across Policy Champions and the wider IT community globally, which effectively acted as a vehicle for IT folks to ask questions about the global policies and standards which, hopefully, helped them better support their markets around the policy. This concept was then expanded and the subsequent Yamjam involved hundreds of people and included the CIO and CTO and a range of other Senior people, as well as the information security folks. This really helped to lend weight to the importance of cyber risk and what people as individuals could do to reduce that risk. Some questions were planted to get the conversation going but it didn't take long for it to start proliferating naturally. This was a great success and something I would encourage other companies with Yammer to do, whether on a large or small, focused basis.

Lessons learned from the Yamjam included:

  • Top Down Communication - Gain Senior Management support to encourage participation
  • Bottom Up communication - Send a communication to all attendees - a focused mail covering why it will be of benefit to them. Include an FAQ document on the Yamjam - don't presume people understand what this is about
  • Get into people's diaries early to maximise chances of attendance
  • Be very clear about the time commitment - the shorter the session is the better
  • Develop a plan and walk the people who are responding to the questions through the plan in advance of the YamJam.
  • Document an introduction and conclusion in advance
  • Develop some planted questions in advance with suggested answers and designated people to ask/answer. This is to ensure that momentum is initiated and maintained.
  • Ensure you have a director on the Yamjam - this person will direct responders and answers and prevent duplication. This can be done over instant messaging or private teleconference.
  • Encourage individual Yammer threads as it is too difficult to follow all the questions if in one thread
  • Drive variety in the Yamjam - include questions, polls, cartoons, links to short videos etc. It is important to add a sense of fun - this also generates discussion.
  • Encourage poll participation to enable people to engage - even if people don't have questions they can at least participate in these
  • Ask for feedback - Send a short list of specific feedback questions to some of those who contributed - to drive continuous improvement and new ideas for subsequent sessions.

Bio: John Haren is the Head of Information Security Governance, Risk & Compliance at Diageo and has responsibility for the company's Security Awareness program.

1 Comment

Posted July 15, 2015 at 4:35 PM

Darrell Flinn

Some great lessons here John. Two that stood out to me and no doubt were key in ensuring success:
Document an introduction and conclusion in advance
Develop some planted questions in advance with suggested answers and designated people to ask/answer. This is to ensure that momentum is initiated and maintained.
I've seen a lot of people perceive Yammer as a foe of security, it's great to see this turned on its head. Thanks for sharing!