Get people to read and follow your security advice in 3 easy steps
As a Security Manager, nothing is more frustrating than feeling your security alerts are being ignored. You are collecting, investigating and sharing security information but it feels like no one is reading it… much less following it. What can you do? Before we assume that something is wrong with, ‘all of them’ let’s first look at the information we’re sending. We have a few recommendations which can improve the information you’re sending and ensure that your colleagues know what to do with the information they receive.
Be concise and accurate
My favourite security briefing of all time was given in Darfur, Sudan at an inter-agency security brief. The security officer stood up and began with, “we understand that something has happened…somewhere.” Talk about vague! Of course, ‘something’ happened ‘somewhere’! Things are happening all the time but this type of information helps no one. Security information should be as concise and as accurate as possible containing these critical details:
What has happened or what is threatening to happen
Who was involved or targeted
Are there injuries/death – how many?
Is this for people’s information or action?
Is there any immediate action you want people to take?
If so, what?
Don’t pass unverified information
Security manager’s often fall into the trap of believing that the first person to pass information about a security event wins. But, there is no competition. The first information passed is often inaccurate and can even be wrong or misleading. Passing inaccurate information can even have deadly consequences as we’re seeing in South Sudan. There is nothing wrong with alerting people that an event was reported, or threatened, and what the preliminary details are. Just make sure to state that this is preliminary information and that it is unverified. Security managers who pass unverified information without stating this stand to lose credibility in the sight of their colleagues especially if their information is repeatedly found to be inaccurate or wrong. Not all information is created equal and all organisations must have a means of verifying information. There are several basic and easy methods verifying information and we’ll cover this in a subsequent blog.
Be clear about the next step
How often have you received an email and thought, “What am I supposed to do with this?” Just this week I received an email alert with the subject line: Turkey – alarming!! Given that we often work in Turkey I opened it and read about the arrests of six human rights activists over the course of several weeks. Is this alarming? Yes. Did the sender expect me to follow some course of action related to this information? I had no idea. The email sat in my in-box like a giant, red alarm bell as I attempted to get on with other work. All the while, I was thinking that I should take care of it; I should do something about it. But what? You do not want your readers to have this reaction. You want them to either know it’s just for their information or that they should take direct and immediate action and by when. This can be as simple as beginning each email, What’s App, Skype or text message with either FYI or ACTION before you pass the information.
Following these three simple guidelines every time you send out a security alert will make your alerts user-friendly and you should see an increase in the amount of colleagues who both read, appreciate and follow your advice.