There are three things that will require your focus when establishing security and privacy arrangements within your institution: technology, awareness and organisation. In this blog series, we will take a closer look at awareness: what does awareness involve, what do we need to know about human behaviour, and how should you establish a robust awareness programme? This sixth blog in the series of 8 is about the actions and interventions you should use to encourage the desired behaviour.
In this phase, you will decide which communication tools to use to raise awareness within your institution. Which forms of offline and online communication will best suit your target group(s) will depend on your target behaviour.
Think about what you want to achieve with the available communication resources. By thoughtfully choosing communication resources that have a clear purpose (and you therefore know how they will affect certain behavioural factors), you will be in a better position to shape the programme. There are 4 primary goals for communication resources.
To inform: sharing, deepening and translating knowledge is crucial. Using resources such as posters, flyers, manuals or videos, you can share the right knowledge and inform your target group about cybercrime methods, threats and vulnerabilities, or prevention and risks.
To challenge: knowledge alone is not enough, you want people to actually exhibit the desired behaviour. Resources such as quizzes, e-learning modules, thought-provoking statements on cyber, but also useful gadgets like webcam covers, may invite or challenge your target group to actually put the information acquired to good use.
To inspire: users will feel more inspired to get started when resources are focused on the group or team, and less on the individual. Seeing examples of leaders and feeling part of a group are powerful forces that can drive behavioural change. Example activities might include presentations, themed evenings, workshops or games in which you have to collaborate.
To assess: there are various methods you can use to test the knowledge or behaviour of your users. Interviews, simulation tools and e-learning programs can all help to test users’ knowledge. Confronting users with the results of a visit by a mystery guest can also have a big impact.
You have now worked out which resources are best geared to the behavioural factors you want to influence in order to achieve the desired target behaviour. How do you measure whether a change has actually taken place? In the next blog, we will set out how you can assess the impact of your awareness programme.
Other blogs in this series:
- Blog #1: The utility and necessity of awareness
- Blog #2: Why an awareness programme?
- Blog #3: Who are your target groups?
- Blog #4: What is the overall aim and desired behaviour?
- Blog #5: Which factors affect behaviour?
- Blog #7: Is your programme having the desired effect?
- Blog #8: Implementing the programme
About the authors
This series of blog posts has been created by the GÉANT Cyber Security Month team, in close collaboration with SURF.
Also this year GÉANT joins the European Cyber Security Month, with the campaign 'A Community of Cyber Heroes'. Read articles from cyber security experts within our community and download resources from our awareness package on dev.connect.geant.org/csm2022