Problem:
One of the recurrent questions asked is: How to ramp-up an information security campaign? Sometimes, getting the participation of people just feels like a walk in the desert… Where is everybody!?
The question is complex as there are many factors to consider: If the course is not mandatory or if the high management is not involved, if, if, if… Instead of getting to the root of the problem, let’s talk about a proven ‘’quick fix’’: Efficient follow-ups.
Solution:
All the people who experienced a successful awareness campaign will advise you about good, smart and persistent follow-ups. How do you achieve it? You just have to follow these basic steps… very carefully!
1. Set a specific course timeframe, ex. 2 months, and stick to it.
Why? You want to create an urgent feeling, so people do not tend to delay its completion and forget about it.
2. Have in hand a database of all your participants, easy to use with at least the following:
Name, email, work phone and the department chief.
3. Ask reports of the people that followed the course. The last thing you want to do is to follow-up on people who actually performed the course. Most of Learning Management System (LMS) will provide you this information (reports).
4. Share these reports with the managers. Have them involved! Let them know who, in their team have not attended the course. Ask for their support.
5. Make a follow-up schedule. Planning is everything!
6. Always sign your message clearly and have an email and phone number to reach you in case of a question ex. Annie Boulanger, from the security team, for any question in relation to this topic, please contact me at [email protected], 1 866 889-5806
7. Start your messages off gently and be more insistent as the end of course arrives.
Follow-up schedule
Week 1
Launch of the course.
Send access information; specify the purpose, the time allocated and the timeframe.
Week 3
Hello. You have not followed the course yet. However you still have a few more weeks to go. Thank you in advance for your participation. It is greatly appreciated.
Week 5
Hello again!
We are aware that you have not yet followed the course. Only one month is left before the end of the course. We are counting on your participation. This is very important as information is everyone’s business.
Week 6
Dear (name-of-your-organization) member. We are asking you to follow the information security course in a prompt delay. If you have any concerns, please contact us at your earliest convenience.
Week 7
Michael Smith, we know you have not yet followed the course despite the numerous reminders already sent .There is only 10 days left before the end of the course. Please make sure you include your course into your work schedule.
Week 8 – day 1
Michael Smith, there are only 5 days left before the end of the training. Advise us if there are any issues that explain why you could not follow the course. Otherwise, make sure to find the time before the end of this week.
CC. Chief department
Week 8 – day 2
Michael Smith, only 4 days left before the end of the training. We are still waiting for you to attend the course.
CC chief department
Week 8 – day 3
Give a call to everybody who has not followed the course to fix this issue. At this point there is no need to send any other follow-up emails.
With these efficient follow-ups I have absolutely no doubt that your campaign will be successful. Enjoy!