How have you approached integrating humor or storytelling into security awareness materials? What do you consider the biggest do’s and don’ts?

CISO/CPO & Adjunct Law Professor in Finance (non-banking), 2 months ago
Humor is mandatory for security awareness training. It's a scary subject, and if you present it as a hard, horrible thing, people will shy away from it. When I tell people that I work in cybersecurity or privacy law, they often walk away out of fear. So, the idea is to find a way to connect with your employees. Humor is a great leveler, and it takes away some of the tension.

In my team, we incorporate humor into our live security awareness training. It's not always the funniest thing, but that's part of the point. We're trying to entertain them to some extent because our goal is to keep their attention as long as possible and keep them engaged. However, we always have to ensure that we don't say or do anything which could trigger or annoy anyone. We try to come up with outrageous circumstances because we don't want to try to be funny or think we're funny as tech people and end up being tone-deaf.

COO, 2 months ago
Yes, it's important to bring things as close to the individual's personal concern as possible. People often don't care about anything unless it affects them. We had an HR lady who is no longer with us because she didn't follow the protocol. She received an email from an employee requesting to change the direct deposit of that person's information to their bank account, effectively internal theft. We have protocols in place, and it all falls back to common sense. Cybersecurity can't prevent common sense failures.

I have five tenets that I build myself around so that people view me not as an enemy or an overseer, but more as a person who is here to help and protect. I maintain my status as a subject matter expert, I engage in storytelling, I share my passion and enthusiasm for IT, I'm always interactive and relatable with everybody, and I retain credibility and authority for myself by minimizing my mistakes. I believe this is the way it should be.

Director of IT Planning, 2 months ago
Integrating humor or storytelling into security awareness materials can be an effective way to engage employees and make important information more memorable. Here’s how you can approach it along with some key do’s and don’ts:

Approaches to Integrating Humor and Storytelling

Relatable Scenarios:
Storytelling: Use everyday scenarios that employees can relate to, such as receiving a suspicious email or encountering a phishing attempt. Craft a narrative around these situations to illustrate the importance of security protocols.

Humor: Inject light-hearted humor that resonates with the daily experiences of your audience. For instance, a funny anecdote about someone almost falling for a phishing scam but catching on just in time.

Characters and Mascots:
Storytelling: Create recurring characters or mascots who are relatable and can guide employees through different security concepts. These characters can be part of ongoing stories or series.

Humor: Characters can have quirky personalities or humorous quirks that make them memorable and enjoyable to learn from.

Visual and Multimedia Elements:
Storytelling: Use videos, animations, and comics to bring stories to life. Visual storytelling can be particularly effective in maintaining attention and reinforcing key messages.

Humor: Incorporate funny visuals, sound effects, and animations to highlight the do's and don'ts of security practices.

Gamification:
Storytelling: Develop interactive games or quizzes that have storylines where employees must make choices to progress, learning about security in the process.

Humor: Use humor in the feedback and outcomes within the game to make the learning process fun and engaging.

Do’s and Don’ts
Do’s:
Be Relatable: Ensure that the humor and stories are relatable to your audience. This will make the material more engaging and relevant.

Keep It Light: Use humor that is light-hearted and inoffensive. The goal is to make learning enjoyable, not to offend or alienate anyone.

Align with Key Messages: Make sure that the humor and stories reinforce the key security messages you want to convey. They should enhance understanding, not distract from it.

Test the Waters: Pilot your materials with a small group to gauge reactions and refine your approach based on feedback.

Use Real-Life Examples: Incorporate real-life examples and incidents (anonymized as needed) to drive home the seriousness of the message while still using humor.

Don’ts:
Avoid Sensitive Topics: Steer clear of humor that touches on sensitive or controversial topics. This can backfire and lead to misunderstandings or complaints.

Don’t Overdo It: Balance humor with seriousness. Overusing humor can undermine the importance of the security messages.

Avoid Technical Jargon: Ensure that the humor and stories are accessible to everyone, regardless of their technical expertise. Avoid technical jargon that might confuse or alienate some employees.

Don’t Be Disrespectful: Avoid humor that could be seen as mocking or belittling employees who may not be familiar with certain security practices.

Don’t Ignore Feedback: If feedback indicates that the humor or stories are not well-received or understood, be prepared to adapt and change your approach.

By thoughtfully integrating humor and storytelling into security awareness materials, you can create an engaging and effective learning experience that helps reinforce important security practices in a memorable way.
