One of the biggest challenges facing IT departments today, beyond that of the ever-changing technology itself, is their inability to effectively communicate with their end-users. These lapses in communication, whether they’re caused by not communicating frequently enough or a “language barrier” between the technical and non-technical staff, can lead to security risks, improper use of technology, and over-all dissatisfaction of services being provided by the department.
As we well know, the focus of IT delivery is to treat the end-users as consumers. Based on that methodology and the understanding that information technology departments are moving to an operational model where they act as a business providing services to customers rather than a department within an organization, marketing to the end-user is an essential component of ITaaS (IT as a Service).
In order to ensure effective, efficient communication, technology departments must start at the beginning and examine and revise their current end-user notification and education methods. Each year the workforce is reinvigorated with employees that are a bit younger than most of their colleagues and that are used to absorbing information and communicating in different ways. These employees are more used to a more social, less “corporate” means of communicating and are often quite adept at using social media platforms such as Twitter, Facebook, Instagram, and YouTube as primary communication method. Unfortunately, most IT departments are not equipped to effectively communicate in this manner.
As prime example of when marketing to end-users is important we can take a look at Cyber Security Awareness Month, which falls in October. For the most part IT departments will (if they do anything) send an email acknowledging that it is Cyber Security Awareness Month and highlighting the importance of taking proper cyber security measures. They may even go so far as to share video tutorials or PDFs containing step-by-step instructions on how to activate certain features or how to be more aware of suspicious attachments. In most cases, however, those methods are ineffective. Many people delete emails like that as soon as they see them or, if they’re arriving from their employer, will quickly scan them so that they can truthfully tell their employer they received and read it, and will then forget or ignore most of the content. In the majority of cases, though, emails like that just aren’t a high priority for many employees – they’ve get lost in the daily shuffle of emails coming in from clients and coworkers and no one really remembers to go back and check them.
In an effort to get your messages out to your employees, you may consider utilizing social and digital marketing tactics and communicating via mediums that they’re familiar with and readily checking. Create a Facebook Group for your employees where you post daily tips and security information. (Fun Fact: when you add someone to a group, the initial settings are that they will receive notifications when you post to the group in addition to seeing it appear in their newsfeed). Similarly, including infographics and images into newsletters – as opposed to blocks of text – will increase the likelihood that your employees will focus on and absorb the information provided to them. Creating learning activities and challenges will also provide ways to make security awareness training social and dynamic.
In order to effectively implement marketing strategies and tactics in your end-user education programs, it’s helpful to understand the seven fundamental elements of marketing in general. These elements are:
· Distribution: The method employed of getting your message to your consumer (in this case, your end-users). There are a variety of methods, both traditional (printed brochures and flyers) as well as digital/multi-media (email, social media, video, text messaging, etc.)
· Financing: Every marketing campaign has a cost, even if it’s an internal campaign, and in order to demonstrate the effectiveness of the campaign you must examine the ROI (return on investment). However, with campaigns directed at the end-user, it’s important to consider the offsetting cost. That is to say, the amount of money that would be saved by the success of the campaign. For example, your organization may find after an internal audit that it “spends” (after applying an hourly rate to employees and evaluating the cost of equipment purchases) roughly $15,000 per year troubleshooting and remediating issues and replacing workstations. Comparatively, a 100 person company may elect to dedicate $25 per employee ($2,500 total) to security awareness training. When you consider the value of simply avoiding the problem in the first place, the cost the campaign is minimal and well worth the spend.
· Market Research: Understanding your work forces is key, just like understanding the target customer. You’ll want to consider what methods of communication might be most effective across your workforce as a whole as well as across various segments.
o Younger employees may be more apt to watch a YouTube video or read an infographic, whereas your older employees may benefit more from in-person training.
· Pricing: As you will be marketing to your own end-users, assigning the “price” of your endeavors differs a bit from the usual sense. Typically when assigning the price of an item the company will examine the cost to manufacture the item, the cost to ship the item, their desired profit margin, and a host of other factors and come up with a per-piece price. When marketing to your own end-user, you’ll instead want to examine what the most effective and reasonable method of communication is and determine which option has the highest value, regardless of the actual cost of the campaign.
o For example, it may – at first glance – be more cost effective to spend $25 per person creating training videos versus deploying a web-based training program that costs $35 per person. However, if the effectiveness rate of the $25/person program is 30% and the effectiveness rate of the $35/person program is 75% then it becomes obvious that in the long run the more expensive program is the most cost-effective.
· Products and Services Management: Once we understanding the other foundational elements of the campaign, it’s important to consider how the campaign is managed and – specifically – how the end-user training is deployed and followed-up on. This goes back to understanding your users and their needs. You’ll want to develop a method of measuring the success rate (i.e.: comparing the number of IT support tickets created month over month) as well as a method of soliciting feedback and providing additional resources or explanations. Your campaign will never be effective if there is no way for your end-users to tell you whether or not it makes sense or to get clarification on issues.
· Promotion: This is simple, IT should be promoted in a positive manner and the training and campaign should be framed as being a big-picture solution. You don’t want to frame it as “the IT department has dropped the ball in the past and now we’re catching up.” You’ll also want to use your campaign to create a positive identity for IT. In far too many organizations the over-worked, under-staffed IT department employees are often seen as people who are short-fused and grumpy. This is usually because they simply don’t have the time for idle chit-chat when their primary communication with their colleagues is people complaining that things aren’t working. They also have the responsibility of prioritizing the order in which tickets are worked, which often will leave their co-workers feeling miffed if their issue isn’t deemed the highest priority. Take that into consideration and use your campaign as a means of explaining these issues to the larger employee pool and highlighting all of the great things the department does for the organization.
· Selling: In this case you’ll want to focus on getting your employees to buy into the program. Get your message out, evaluate its success, make changes where needed, and continue to improve upon what you’ve already implemented.
Marketing can affect an IT department in a very positive manner as long as your organization is willing to commit to a long term relationship with your marketers. One and done does not work, this is an ongoing process. Once you’ve begun to implement awareness and training campaigns you have to be prepared to continue – simply sending out one campaign and calling it a day won’t work. Continuously pushing your message in new and innovative ways that your audience responds to, however, will.