Skip to main content

Center for Cybersecurity Center and Data Intlligence

Part 1: Comm Prof on Cybersecurity Training

By James Robinson, Ph.D., Professor, Dept. of Communication

Theory drives practice, and communication theories are especially effective for driving IT training practices. This post is the first in a series that will explain communication theory’s role in improving computer security.

Communication is a stochastic process, helping end users and IT professionals alike develop effective educational campaigns focusing on cybersecurity. While the term stochastic sounds complex, the principle is not difficult to understand and is critical to the success of any message strategy.

Stochastic means that a series of events must occur before some process can be successfully completed. For example, an audience that is not exposed to a message cannot be influenced by that message. While this idea may seem obvious, think about the amount of money spent on advertising that goes unwatched or ignored. No exposure usually means no influence – and that is the kiss of death for information campaigns.

Important to note, message exposure is a necessary, but not sufficient condition, for influence to occur. We must also gain the attention of the audience for the message to be effective. We see efforts to gain attention in the use of humor, slogans/catch phrases, music, celebrities, or attractive models and spokespersons.

Still, exposure and attention are not enough to insure message effectiveness. Exposed messages that grab an audience’s attention must also be understandable and memorable. People are exposed to thousands of messages every day – which is why we should try to pair our message with things the audience already knows/thinks about.

Remember – a single message is seldom effective, but stochastic campaigns are. We must design message campaigns that trigger recollection of previous messages.

Finally, effective message strategies encouraging some behavior (e.g., cybersecurity behaviors such as password strengthening) must produce feelings of efficacy in the target audience. In this example, a message campaign must make an audience feel like they are completely capable of strengthening their password and remembering their more complex password, while also convincing them that password strengthening is an effective strategy for computer security.

That was a lot of theory thrown at you, so here’s the “SparkNotes” version...

Campaigns will fail if the audience is not:
1. Exposed to the message
2. Attentive to the message
3. Comprehending the message
4. Remembering the message
5. Motivated to recall the messages after initial exposure
6. Convinced the solution is effective
7. Efficacious about enacting the new behavior that's advocated

You must plan your messages carefully, and you must view message strategies as occurring over time. Single message strategies are seldom effective – and that is in part because communication is a stochastic process.

Part two of this series further explores the audience's role in message effectiveness. 

Previous Post

Is Your Organization Cyber-Mindful™?

Social engineering ploys are now the biggest threat to your organization's cybersecurity. Adopting a Cyber-Mindful™ approach in cybersecurity training can mitigate these risks.
Read More
Next Post

What a Student Can Teach You About Cybersecurity

Student shares top lessons learned in UD's Cybersecurity and Communication course.
Read More