Importance of Branding Your Information Security Program
While technological solutions abound in financial institutions have installed firewalls, intrusion detection systems, robust anti-virus and anti-spyware solutions, and strengthened authentication methods, financial institutions have forgotten security awareness training. One reason? There isnâ€™t a recognizable â€œbrandâ€ for the information security program at many financial institutions.
According to information security expert Rebecca Herold, branding your information security program is the first step in building the basic awareness for the increased information security issues facing your institution. â€œAs far as internal branding, thatâ€™s something we did at Principal Financial Group,â€ Herold said. Her work in building the information security program at Principal Financial Group garnered outside recognition through awards, as well as the internal recognition by the financial services companyâ€™s staff.
â€œOur branding program worked out very well. We planned and executed a wide variety of placements for our brand,â€ Herold explained. Some examples she included was to create a non-human representative for your brand. â€œOurs was a figure with a padlock head, we named it â€˜Paddy Lock,â€™â€ she recalled.
Paddy Lock had a big padlock head with a human-like body. â€œWe branded all of our emails, newsletters, announcements and any giveaways from our information security group with Paddyâ€™s likeness,â€ Herold noted. The information security group went as far as having a professional costume created for Paddy Lock, and one of the members of the group would dress and appear in costume for meetings, walk around the corporate offices, and would hand out information to employees.
Herold said that whether employees liked Paddy Lock or they thought it was too cartoonish, â€œthe point was that people recognized it, and saw the need and importance of our message,â€ she said.
Herold also stressed the importance of making whatever logo or identifying likeness something your staff (and customers) can relate to, â€œIf you can make it unique to your company, this will go a long way in helping brand your program,â€ she added. While some financial institutions use outside logos, like the Federal Trade Commissionâ€™s logo or other outside agency logos, Herold recommended the individual brand as being best approach.
Logos are an effective way to brand your program, but there are a few issues that need to be considered when choosing them. â€œReview the logos carefully once youâ€™ve narrowed it down and are ready to make a choice. Remember to consider the cultural and ethnic and regional groups who may be represented within your institutionâ€™s workforce,â€ Herold said.
â€œThis is why we went with something as a cartoon character, didnâ€™t open the chance someone would identify a certain group and thus reduce the chance of offending someone,â€ she said.
Herold noted that branding is a great way to get it quickly in front of employees, and in their minds. It works especially well on a website, she recommended including the brand logo on screen savers and on your groupâ€™s intranet site.
When incorporating the brand logo into your awareness program, there are just so many different things you can do to add vibrance and color to it. â€œWhen youâ€™re considering doing them, take a look at what your institution is, and what is the makeup of your employee base. It really depends on your organizationâ€™s level of acceptance, some are more open, some are more rigid,â€ she explained.
If you havenâ€™t already done this for your information security program, the branding and use of â€œcatch phrasesâ€ is also recommended by Herold. â€œIt doesnâ€™t have to be elaborate, but something that drives home the idea that information security is important to business at your institution.â€ Herold also noted that if your institution has a marketing or advertising department that using them as a resource is invaluable.
Finally, when branding your program, it is of utmost importance to have your institutionâ€™s senior management buy in. â€œThis is very important, and will ultimately be the number one reason for the success of your program,â€ Herold noted. This person needs to be the CEO, president or other respected, visible leader in the institution. â€œThey need to state that the information security program is important. Without this, youâ€™ll be doing double the work, because people wonâ€™t view your program as something vital to the business of the institution, she concluded.