The Many Languages of Security and Privacy
I've done a lot of information security and privacy awareness and training work since 1990. I continue to do a lot; not only because of the *REAL* importance it has to the success of security and privacy efforts, but also because it is something I love doing.
I think awareness and training too often gets a bum rap because of some of the very poor awareness and training products out there, along with some technology vendors poo-pooing security and privacy education. Awareness and training efforts must speak to all your employees, at all levels of your organization, in ways that *THEY* will understand. In fact, I believe this so passionately that I am very excited to be launching in September a new awareness product/service that is based upon effective educational concepts I know work, not only from my experiences, but also from my education (I have a Masters degree in Computer Science and Education). More on this will come at a later date...
But something that I've see time and time again in addition to extremely poorly written awareness communications is not taking into consideration *ALL* the audiences within your organization. A huge percentage of organizations have personnel whose first language is not English, but yet the awareness and training communications are *ONLY* provided in English. If your personnel do not understand English fluently, then your awareness message is not going to reach these folks.
I have seen some great awareness tools that take into consideration the languages of all personnel. Here are a couple of ideas...
* Notepads with the organization's information security slogan is a commonly used awareness trinket. I personally like memo and notepads; most personnel use them, and it keeps the issue of information security and privacy in front of most employees, on their desk by their computer, most of the time. When designing these notepads, provide your information security slogan, or other message such as, "Don't write confidential information here," or "Did you just write something secret? DOH!" in *EACH* of the primary languages that your personnel speak. I like to see these messages written in a light shadow font that your employees can clearly write over with their pens and pencils...making the message like a background. What I think is even cooler is to provide an English phonetic pronunciation to accompany the phrase in each of the languages. Your personnel will not only have fun knowing how to say the phrases in other languages, they will also see that you really do care about getting the awareness message to all personnel in your organization.
* Screensavers with information security and privacy messages are also often used. These can be very creative, and can be very good for quickly communicating security and privacy issues that are of a current concern. Use the same concept as with the notepads; provide the message in each of the primary languages that your personnel speak. And, what I think is nice, is when organizations, that have the capability and the right environment, not only launch the visual screen saver, but also provide a button to click so that the printed message is also spoken. Just think how effective this would be to have an audio communication of the message in all the primary languages of your personnel!
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine