The document provides guidelines for improving information security awareness in organizations, highlighting the severe financial consequences of breaches. It suggests creating targeted communication campaigns, using various methods to engage employees, and measuring the impact of these initiatives. By increasing awareness, organizations can empower employees to better identify and prevent security threats.

1. Information Security
Awareness
Tips to Improve Infosec Awareness in Any Organization

2. Information security is one of the hot topics in the
corporate world, and for a good reason.
The impact of a information security breach can have
catastrophic impacts on organizations, with the average
cost of data security breaches costing companies
$4 million on average. (IBM, 2016)

3. Information security management can be a huge job for security and
compliance officers to manage on their own.
Improving information security awareness across your organization
could help significantly reduce the number of breaches and
unintentional disclosure of secure information.
The more employees are aware of their role in identifying and
preventing attacks, the more difficult it is for cyber criminals to
penetrate your infrastructure.

4. 1.Create a Campaign
Think like a marketer. Plan your campaign to include a series of
messages that build momentum, and/or get repeated over time. Also
consider repurposing these messages into different formats (for
example, recreate a security process list into a highly visual 1-2-3
step infographic) to suit all learning styles.
Tips to improve infosec
awareness in your
organization

5. • Identify which messages you are going to communicate
• Decide when you are going to send your messages
• Use a variety of channels and formats to engage staff
• Repeat your messages through different channels to ensure
visibility
• Measure your results and update accordingly
How to create a campaign for
your communications:

6. 2. Decide on your key messages
• What are the biggest threats in your organization?
• Are there any areas of weakness you need to address?
• Do different departments have different risks or topics to address?

7. 3. Target your messages
Target your messages for different departments.
Each department has unique risks related to the information they
deal with.
Think what risks are more apparent for your accounts team
compared to sales.

8. Staff that deal with customer information need to be trained on the steps to take
to ensure they can keep that information secure.

9. 4. Use multiple methods
Decide on a few communication methods e.g. print posters,
company wide desktop screensavers, emails, training sessions,
quizzes, or videos.

10. Screensavers are visually engaging and are an effective way
to remind staff to take action

11. 5. Make it interesting
Create eye-catching ways of communicating your messages e.g.
cartoon characters, well-known internet characters, interesting
examples of big security breaches, random phishing tests,
interesting facts about the impacts of security breaches.

12. Interesting facts help communicate points and will stick in employees’ minds

13. 6. Measure your impact
To ensure you are getting the most out of your campaign,
measurement is essential. You should measure:
- Reduction in breaches
- Increased staff awareness – by quizzing staff
- Readership of communications – some internal comms software
(including SnapComms) has this functionality
- Survey staff to see which messages they engaged best with

14. Information Security:
as easy as ABC
ALWAYS
BE
CAREFUL
Simple slogans can help make your lessons memorable to staff members.

15. To learn more about how SnapComms
can help improve infosec awareness,
visit our website:
SnapComms.com/solutions/employee-security-awareness
SnapComms is a global leader in internal communications software, serving 1
million users in many of the world’s largest organizations across 45+ countries
including several fortune 500 companies.