A fe days ago I suggested that understanding a user base starts with ourselves. Of course, that doesn’t mean ignoring tools that allow you to build on that understanding, after all, politicians are customers of the state but still use polling every day.
Fortunately, there is no shortage of good tools available to bring security closer to the user base, and which ones you use will depend on the audience. Directors and non-executives might benefit from dedicated seminars to drive engagement with security risks facing the business. For most staff however, it’s about getting beyond annual CBT exercises and scary posters to actually engage with people in a two-way conversation – for example, offering a prize in exchange for feedback, or providing advice on home IT security that people will connect with. It means taking people’s ideas and concerns on board and providing feedback to show that you’ve listened.