7 MIN READ

Information Security in Market Research: Getting the Buy-In with 'InfoSec Moments'

Louisa Thistlethwaite

Market Research Live: Room 101

This year’s Market Research Society Annual Conference was filled to the brim with insightful seminar...

9 MIN READ

Emily James

    In my previous blog I discussed some of the steps you can take to create a strong information security culture within your market research organisation or department. In this post I’m going to focus in on one of those steps - the concept of ‘InfoSec Moments’ – and share some practical tips both for creating them, and making them an effective part of your information security awareness strategy.

    To recap, infosec moments are key information security messages presented and repeated in a short, simple, focused way; within context so that they are continually absorbed (by insight staff) and thereby support the formation of positive habits in regard to information security. Why is this important? Well, people have short memories and limited attention spans which is why often, despite best efforts, training and business initiatives can fail to take hold and effect the change they were designed for. Without follow-up the best information security training session quickly becomes a distant memory.

    The purpose of infosec moments is to bring information security into the day-to-day working environment, to normalise and embed its ethos. Infosec moments are not a replacement for formal security training or corporate security policies but they are fundamental to overall cultural adoption. So, let’s take a look at making them happen.

    Tweet from FlexMR Tweet This
    'InfoSec Moments' bring information security into the day-to-day business. normalise and embed

    1. InfoSec Moments - Delivery

    Infosec moments can come in many formats. Remember that the format chosen should be compatible with the message you are trying to communicate and the outcome you wish to achieve. This is crucial to success. Posters, footers on internal emails and internal merchandise (pens, mugs, coasters, etc.) can be effective in reminding researchers to partake in simple security behaviours, i.e. maintaining clear desks and shredding confidential documents. However, where your message is more complex or controversial these techniques will have little impact. Employ a more proactive assertive approach here.

    Begin department / company internal meetings with 3 or 5 minutes devoted to information security. This time could be used to share examples of newsworthy security breaches and their impact. Where internal meetings are regular, consider involving researchers in such ‘moment’ creation - invite a different person to share a story each week or month. Equally, you might like to focus on the positive business impact of embracing information security. Either way this approach sends a much stronger communication to those attending that the issue in question is of considerable importance and demands attention.

    2. InfoSec Moments - Content

    Don’t be afraid to think outside the box when it comes to crafting security moments - both in terms of the delivery and content. People have different learning styles and it’s important to accommodate this if you want your message to truly take root. A variety of (message appropriate) formats will also maintain overall engagement. Quizzes, short videos, facts, trivia and personal and third person or business stories can all be used to bring colour and humour to what, for some, is a dry topic.

    3. InfoSec Moments - Length

    Avoid the temptation to do too much in each infosec moment. Their value comes from their short easily digestible format that asks little of the audience in terms of a time investment. If you want to promote a particular behaviour make it crystal clear what that behaviour is simply and quickly; avoiding both jargon and un-necessary distractions. If your desired behaviour cannot be communicated concisely, acknowledge this and make the focus of your moment a quality reference for guidance in its correct performance.

    4. InfoSec Moments - Schedule

    Often, when we are introducing a new way of working; procedures, polices, thought processes, it can seem like there are literally hundreds of things that we want our entire market research staff compliment to know… right now! Information security is no different. It’s easy to be ambitious but resist the urge to go overboard with your infosec moment frequency. They will lose their impact. Planning is the key here.

    Tweet from FlexMR Tweet This
    'InfoSec Moment' goal = Create a calendar of bite-sized information security communication

    Take a step back. Break information security (as applied to your organisation or department) down into sub topics and sub topics down into moments. Work out which moments are the most important to you right now and which can wait a while. Use this information to build an infosec moments schedule – considering the delivery mechanism, content, length, required repetition and exposure time for each. Your goal is to create a long term calendar plan of bite-sized information security communication. Doing this at the outset ensures both individual moments are delivered to maximum effect and that the full range of information security teaching is ultimately assimilated.

    5. InfoSec Moments – Continuity

    It can be tempting to focus on the negative when trying to create buy-in for information security initiatives, i.e. the behaviour you want people to avoid or the consequences of not adhering to a specific policy. While you can adopt this style in your infosec moments, if you rely on it solely you are at risk of building security fatigue/apathy in your research audience.

    Sharing organisation or department achievements is a refreshing approach to infosec moments and one that will motivate and empower your audience. You might chose to communicate the information security risks that were proactively avoided, a behaviour change that has been effected or praise a member of staff for their actions in relation to a security threat, i.e. that the initiative is being taken seriously and performance is being recognised and rewarded.

    Tweet from FlexMR Tweet This
    Focusing on infosec 'don't dos' can create security fatigue/apathy among market researchers

    Promoting success is particularly important when things are going well, when an information security culture has been established for some time and incidents are few and far between. Complacency can set at this point which brings renewed vulnerability. Remind your researchers of information security wins and benefits; show them that their continued vigilance is worthwhile.

    Conclusion

    Information security is of course my ‘thing’ and I believe that it is essential to the integrity of any industry entrusted with the vast amount of personal and commercial data that we in the market research industry are. But I appreciate every workplace has its own goals as well as behaviours that need promoting or stamping out. So I wanted to highlight that the ‘moment’ concept can be applied to any cultural business initiative, be it customer experience, sales, environmental - to list but a few possibilities. Just remember, keep it short, innovative and positive (as far as possible) and you will succeed… I did. Good luck.

    You might also like...

    Blog Featured Image Header

    Delivering AI Powered Qual at Scale...

    It’s safe to say artificial intelligence, and more specifically generative AI, has had a transformative impact on the market research sector. From the contentious emergence of synthetic participants t...

    7 MIN READ
    Blog Featured Image Header

    How to Use Digital Ethnography and ...

    In one way or another, we’ve all encountered social media spaces. Whether you’ve had a Facebook account since it first landed on the internet, created different accounts to keep up with relatives duri...

    7 MIN READ
    Blog Featured Image Header

    5 Ways to Power Up Your Insight Pla...

    In case you missed it (which seems unlikely), ChatGPT, the Artificial Intelligence model trained for conversation interactions has been making waves in the last few months. But once you’ve finished as...

    7 MIN READ