Sunday, November 2, 2014

For this post I thought I would talk about a few things that are vital to any security program for informing internal personnel about security awareness. As stated earlier, these are just some things that I think a program would need.



Collateral
Collateral is a broad term for internally distributed materials. These are things like newsletters, blogs, and other internal communications. These types of internal communication serve as a simple reminder to your users that security is important and give you an opportunity to educate them once you have their attention. Try to keep these communications bite-sized, but give readers a link back to a lengthier article if they want more information. Work within acceptable corporate guidelines, but be aware of limitations. If newsletters are the only way, still go for it, but try to appeal to different demographics.
For example, while older people tend to respond to traditional newsletters, Millennials might respond better to a blog or Twitter-like activities. Also consider the possibility that some media types might be too congested. For example, newsletters might be deleted unread out of habit by many employees, so they might not be the best choice of venue for your Security Awareness program. Whichever formats you choose, make sure you set up your process to enable you to capture metrics on readership and click-throughs. Metrics will allow you to determine where to focus future efforts.


Posters
Posters are a tried-and-true method of raising awareness. While some people believe they are old-fashioned and outdated, they can be very effective when they are well designed. The Smokey the Bear and the now ubiquitous "See Something, Say Something" campaigns are a testament to the effectiveness of posters. If you lack the skills to come up with a catchy tagline and your best shot at drawing still limits you to stick figures, it's okay to branch out to your internal marketing team or contract a graphic designer. This way you can ensure the style of poster and messaging matches your corporate culture.
Also consider including a QR code that will bring users back to your internal knowledge base, if you have one. This will accomplish two things: 1) give your employees more information on the given topic, and 2) collect metrics on how many employees are reading your poster and looking for more information. Lastly, make sure your posters are placed in highly trafficked areas where they will receive maximum visibility. You don't want to place them where they become background noise.

My next post will have a few more components for a good internal security awareness program.

 
