Cyber Security from the Inside Out: is your cyber safety message getting through?
Sometimes it's not what we say but how we say it that stops our message getting through.
Take this example below...
What is ransomware and how does it work?
Ransomware is a type of cryptoviral extortion attack. Cyber criminals create a key pair and place the corresponding public key in a piece of malware. Once released, the malware generates a random symmetric key and encrypts the victim’s data. The public key in the malware also encrypts the symmetric key - this is known as hybrid encryption. As a result access to your files is blocked until a ransom is paid.
It’s clear to see how using overly complicated language can be a huge barrier when it comes to communicating cyber security messages. After all, do most people know what cryptoviral extortion is? What about a public key? Or hybrid encryption?
No, many of us don’t understand this. The words we use, and how we structure and present them, matter, whether verbal or written.
This week in our Cyber Security from the Inside Out series we are focusing on the importance of language when talking to your employees about cyber safety.
Here are some of the ways to fix your messaging and build better cyber security awareness and engagement within your people.
Go jargon free
Did you know that the use of jargon in communications leads to motivated resistance to persuasion and lower support of the subject matter?
These are major barriers when it comes to building awareness of cyber safety in your organisation. The bottom line is that using inaccessible language puts your people at risk of losing interest due to a lack of understanding.
It is extremely important that you use plain English to get your message across. Where you can’t, offer a definition of a particular term.
For example, don’t skip over the term ‘data exfiltration’ in your cyber safety emails. Explain that it’s the transfer of data from a system without consent.
Instead of talking about ‘password sniffing’ at your next training day, why not talk about the hacking technique where criminals monitor network traffic to steal usernames and passwords? You can introduce the term afterwards.
If your cyber safety messages are coming straight from the IT department, get someone from outside the team, a non-technical person, to have a read before sending them out. If you’re an IT specialist, it may be easy for you to overestimate the knowledge that non-IT people have. It’s all about thinking ‘will the people who receive this message understand what I mean?’
There is more to watch out for. Jargon isn’t only the words that you use. It includes presenting unintuitive data (is there a clear link between what you’re saying and the data you’re presenting?), too many acronyms, or overcomplicated graphs. Think about simplifying the message and addressing the key points.
Structure your cyber safety communications effectively
One way to create simpler cyber safety messaging is to follow the form of an inverted pyramid - a trick used by communicators to highlight the most important information first. The pyramid will ultimately help you to structure and prioritise information within your cyber safety communications.
When you have the content of your message ready, order the information from ‘most important’ to ‘nice to know’. This will allow you to pick out bits which may not be relevant at all, as well as make you more aware of including jargon words or in-phrases.
Including the key points at the very beginning means that your people do not have to filter through your communications to get to the heart of what you’re trying to say. This makes it far easier for them to follow along and understand cyber safety.
Focus on the people impact of cyber safety
Communicating facts and statistics is only a small part of building cyber security awareness. In order to succeed you must switch to communicating information which is truly relevant to your employees.
Your main focus should be on communicating the real-life effects of cyber security incidents. Doing this means your employees can relate to the information they receive, meaning it is more likely to stick with them. This is what will build engagement with and awareness of cyber security within your organisation.
Claiming that X% of businesses were affected by cyber security breaches last year, and that your employees should be vigilant, will only get you so far.
Instead, put the heart into the message with a story or anecdote. Think about putting a face to the topic. Can you have someone whose organisation fell victim to cyber criminals talk to your people? Are you able to sit your employees down and show them a video of someone’s experience? Do you have a personal experience that you’d be willing to share?
Using real people and emotive language is one of the best ways to humanise the subject and allow your staff to feel connected to the issue at hand - the rising threat of cyber attacks. Otherwise, you risk cyber safety becoming a background conversation and something which is only talked about when it’s too late.
Do these communication issues resonate with you? Are you keen to build a better awareness of cyber safety within your organisation? We are here to help and advise. Send us an email at firstname.lastname@example.org or visit our website insideoutconsulting.co.uk.