This document is presented as a white paper of a presentation that I gave to Enterprise Banks in 2010.
At First Banks, Inc., I worked in communications in both operations and information technology. Both positions involved communicating highly technical data to our entire corporate body – from grandmas to whiz kids. It was a fun and challenging task.
The following presentation explains the four methods that we used to communicate our policies and information security goals to the entire corporate body of First Banks, Inc.
Four Methods of Communication
At First Banks, Inc., we used four different methods to communicate to our corporate body:
- compulsory, online classes
- direct mail
- events and presentations
In my role as the Information Security Policy and Procedure Administrator at First Bank, I was directly responsible for all aspects of these communications – identifying the targets, the messages, the methods, and the followup.
1. Compulsory Online Classes
Most of our information security classes were designed for all levels of employees, so our communications strategy needed to be needle sharp: quick, punchy, easily digestible, and most importantly, effective.
I worked with our information security team to identify the core messages that we needed to communicate. Having established our required goals, I further compartmentalized them into easily digestible subcategories.
At First Bank, we utilized a proprietary testing application, but I built nearly all of the coursework in PowerPoint. I found PowerPoint to be effective, efficient, and easy to use. Most of the graphical elements were created in Adobe Illustrator and Adobe Photoshop, but all layouts, shapes, and text were created using PowerPoint.
2. Direct Mail
Yes, direct mail can be expensive and ineffective if done incorrectly.
At First Bank though, we did it right. Our direct mail communications efforts were effective for three primary reasons:
- First, the messages were never sent in isolation: we only used direct mail to bolster our other communication goals.
- Second, we used specially trained branch personnel, called Information Security Liaisons, to help disseminate our hard copy messages. These employees knew who, what, when, and how to use these communications pieces in their supported areas.
- Finally, we had fun with it. We utilized color, humor, sugar, name dropping, and wit.
What’s the big payback? Permanence. Handheld communications pieces stick around. A well-designed poster will continue to get attention and act as a reminder for several days. A letter with the CEO’s signature will retain importance and add credence to your efforts. A box of chocolates with informational stickers affixed to them pays you back with every return visit.
Email, I believe, has the potential to be the most ineffective medium of communication. Our number one goal isn’t the message. Our number one goal is getting the receiver to actually read the message before they hit delete!
As a communications designer, I was extremely lucky to work at a bank. Why? Because due to the high level of compliance regulations and proprietary software used within a bank, banks must have highly standardized software across the entire organization. Therefore, I could rest assured that my HTML/CSS email design would render identically on all employee computers. This allowed me to push the limits of the HTML/CSS email design.
At First Bank, we used email in four different ways:
- simple, single-message emails that were applicable to all employees
- targeted emails that were directed at a specific vector of employees
- newsletters that were directed to our security awareness steering committee members
- invitations and information about presentations or events
4. Events and Presentations
Events and presentations were used primarily to communicate general messages to branch personnel – not necessarily back office personnel. Because we had branches across the country, many of these presentations and events were conducted remotely, using SharePoint and other web based communications tools.
In order to coordinate and organize events and presentations across the country, we identified and trained key personnel in key branches. We called them Information Security Liaisons.
Our Information Security Liaisons were a fantastic help. If I needed to fly to Florida and give a presentation, our Info Sec Liaison would pave the way by ratcheting up awareness: reminding employees of messages that we’d sent, handing out flyers, ensuring that their direct reports were informed and communicating to their staff.
Also, I think that it’s important to note that these liaisons spoke the same cultural language as our target audiences in those areas: employees in Southern California are quite a bit different from employees in Houston, Texas, and all of them are different to me, a hick from Southern Illinois! I can’t say enough positive comments about our Liaisons. They were priceless.