[Editor's Note: This blog is from Janet Roberts at Progressive Insurance and is part of a new series where we get insight from other security awareness professionals.  Every organization and their security awareness program is different.  As such, every organization has a different story to tell and different lessons learned to share.  This is one of those stories.] Much like our counterparts in internal communications, we’re hot on the trail of the secret to getting employees to pay attention to our message and engage in partnering with us to keep the company safe and secure.  It can be a friendly rivalry or, even better, a partnership. After a year of mixed successes and failures, struggling to get the marketing and internal communications folks to push my message out to the company through a variety of channels, two things happened that have made my second year leading awareness much easier.  First we hired a new Intranet/News Team manager who is a big picture thinker and easy to work with.  Second, I got better at packaging the message to show the benefit to the employee.  The internal communications team argued that employees have so much to read that if you can’t show the benefit to them, they pass your article, story, or message by.   And…..they’re right!  Sure employees should be thinking about the benefit to the company!  But WIIFM (What’s In It for Me) is the baseline rule in employee communications. So, I created a yearlong marketing plan that asked internal communications to post graphics that hyperlinked and drove over to the tip sheets on our Enterprise Security page, to write a couple security related articles in the company’s online magazine, and to host our survey on the main Intranet site when we launched it.  I also asked for a dedicated resource from their group.  Now I meet every other month with a great woman named Jolinda who brainstorms with me about creative ways to partner with internal communications to get our messages out to employees…..then she helps me make it happen! Based on my experiences, here are a couple suggestions on how to sync up with your internal communications group:
  • Find out who is in charge of deciding what content will be elevated to your Intranet, give that person a call to set up time to discuss you security awareness program and find out how to partner with their team to get your messages out.
  • If you don’t have a writer on your team, ask for a marketing/intranet content writer to be assigned to your group and meet with them bi-monthly to talk about your messaging needs.
  • Build a marketing plan for your needs and present it to your Intranet contacts.  This helps them integrate your communication requests into the editorial calendar they should have for all the requests that come in from the entire company
  • Remember that every group in the company is lobbying them for space on the Intranet, just like you are, so relationship building and a convincing argument for why employees need and want to hear about security awareness will help.
What are you doing to partner with your internal communications team and how is that working for you? BIO: Janet Roberts is the security awareness program lead at Progressive Insurance where she's been building the company's first Security Awareness Program since 2010.  She has been with Progressive for six-and-a-half years.  For four years prior to taking on the challenge of building the awareness program, she was a senior communications consultant in Progressive's marketing/communications group, supporting a number of corporate groups including Enterprise Security.  Today she juggles communications support for all groups under the CFO and running the security awareness program.  She's proud of the fact that as the only person with a B.A. in Journalism and an M.A. in Communications out of 102 security professionals at SANS Bootcamp Security Essentials in March 2012, she survived the class :)