🗣️ Communication & Buy-In¶
You can’t scare people into caring about cyber — you’ve got to connect it to things they already value: time, trust, and not looking silly in front of their boss.
🎯 The goal¶
People won’t remember a policy, but they’ll remember a story.
You’re not trying to make them experts — just alert.
The best security message is the one that gets repeated in the kitchen.
🧩 Speak their language¶
Skip the buzzwords. Translate the tech into meaning:
| Cyber speak | Plain English |
|---|---|
| “Enable MFA” | “Add a second lock on your account.” |
| “Phishing simulation” | “Test run for scam spotting.” |
| “Threat actor” | “Scammer.” |
| “Mitigate risk” | “Reduce the chance something goes pear-shaped.” |
Flagged Tip
If your staff can’t explain it to their mum, it’s too complicated.
💬 Show, don’t tell¶
People need examples, not definitions.
Share real stories of scams you’ve stopped, weird emails you’ve seen, and mistakes you’ve made.
Admitting your own near-miss does wonders for buy-in.
🤝 Use champions¶
Every team has that one person who’s naturally curious.
Empower them to be “security champions” — they’ll spread awareness faster than any memo.
- Give them quick wins (posters, stories, or shoutouts to share).
- Rotate the role so it doesn’t become stale.
🧠 Frame it around trust¶
Awareness isn’t just about scams — it’s about trust between people and systems.
When staff know what to look for, they trust each other more and panic less.
🎥 Watch & Learn¶
(Video: How to talk about cyber without boring everyone to tears.)
Next up: Running Simulations