If you've wanted to create short videos for your cybersecurity awareness content but uncertain on how keep it effective, this talk features Elisheva Hudson, documentary filmmaker and owner of Hudson Films with an emphasis on short, documentary style videos for impact. The aim of our discussion is to provide a framework for cyber security professionals in creating strong videos to convey their cyber security stories of awareness.
How not to start creating a video
"A lot of people get stuck on the technical so much they forget about the foundations of what is being put into this video in order to make an impact...Do your best to override that as much as possible or perhaps don't [even] start with the tech. The first thing to start with is 'what do I want this video to be about'. There are studies that show there are many technical things that audiences will be forgiving of when it comes to the lighting or the framing being off - people will be quite forgiving of that. But what they won't be forgiving of is if it's quite boring.
With that said, Elisheva emphasizes the importance of first determining the goal of the security awareness training video and the message to achieve that goal. Once you have established that, what else should be considered to make the video impactful? Elisheva provided us with a quick guide to help us get started. Let's break it down.
Whether it is the person being interviewed or the approach to the topic at hand, you want to find something unique that will make the viewer stop and take notice. Testimonial-style videos are a great way to humanize the security awareness experience within an organization by celebrating successes or pleasant surprises from employees.
When considering the uniqueness aspect could range from a person's appearance, background, or position within the company. A good testimonial will be more than the 'run-of-the-mill' responses but will provide a new perspective or insight into a common theme - it'll stand out to the audience and be more memorable.
Making your security awareness training video unique can also be just how you present the content - for example, through humor - using some sort of hook to capture people's attention that they don't typically expect.
Elisheva clarified "uniqueness applies to the video as a whole". Whether it is the person being interviewed, the way the video is constructed, or how it is approached all apply to the video as a whole. Don't get too caught up in ensuring every element of the process is considered 'unique' - it's rather the big picture.
What grabs the audience's attention initially - the 'hook' - can be established in a variety of ways. A couple of examples of a hook that are good to consider include beginning with a question or presenting the intro in a way that gets the audience to ask a question themselves. Once there is a question, typically the listener wants to stay long enough for the answer.
She did caution not to use anything overly controversial that does not relate to the viewers you're targeting. Another simple tactic is simply flashing up a directive to "Stop scrolling!" as it catches our attention quickly.
However, it's important not to get stuck on the hook. Elisheva recommends to focus on the message itself and then go back and determine the best way to utilize a hook relevant to the message.
When creating the video messaging, it's important to consider the audience's pain points they deal with most in the setting of everyday work (or at home) around issues pertaining to cyber safety. Simply by clearly communicating the pain point the viewer faces connects them to your message. Once you've built that connection, the door is open to them listening for the resolution or possible solution you're presenting.
Getting feedback from your employees or having conversations around some of their frustrations with cyber safety that they deal with can help you create a more meaningful approach in your content that will resonate.
"This is one of those things that is [seemingly] so simple and we all think we're doing it, but it's often forgotten about and we don't realize we're not always being clear. This is a common thing, especially working on videos, we work on a project so much that we make assumptions and we forget that our audience may be quite fresh to what we're dealing with."
In the planning stages of the video, it's important to establish the goal of the video - what action or feeling do you want the audience to do/have? Whatever may be the answer, make sure that message is 100% clear.
Be mindful not to add on to that message other information that will clutter up and obscure the main point of the video. This is quite the challenge for cyber security awareness when there is so much information we want to convey all the steps in one fell swoop - but resist the urge! Instead, consider breaking the information up into micro-content. Creating a series around a topic is one way to share a lot of information in bite-sized viewings.
From an educational point of view, if you're educating people on things that are rather complicated, you want to empower your audience. You don't want to overwhelm your audience.
Also, Elisheva recommends not only planning from a video perspective - "We want a 3-minute testimonial style piece" - but also planning for creating micro-content from the full testimonial you record. As you set up your flow of questions, consider how to also address all the supporting questions/issues around the topic.
Create a list of common questions, concerns, and objections that the audience has and see how you can direct the conversation to try and answer some of those questions through the course of the recording. The end result will be having not only your edited piece but also extra snippets of insight that can also be used to drip out to your organization on a similar theme in short insights.
Once you have a general idea of what you want your content to be, ask yourself what is the audience's motivation to care about your message.
Even if you don't think the audience initially is motivated to care - as is common in security awareness! - there are ways to try and instill a reason to do so in the viewer. Some of the ways Elisheva mentioned include:
- Connecting them to a similar desire they have (see above)
- Expressing a similar pain point
- Humanizing the issue
In short, always consider the audience and what is the motivation behind you sharing this information and why they should care about it.
The idea of urgency is tied around the call-to-action that you want to convey in your video. If a viewer sees it and there is not a sense of urgency, then they may not be compelled enough to act on the information given. To put it another way, show them there is a benefit in acting now as opposed to waiting to act later. Conveying a sense of urgency will be at its highest during a campaign with limited time and harder when it's for general content. For security awareness managers, many are looking ahead to October's awareness month for more concentrated conversations around the topic of online safety and is a good time to build that sense of urgency through friendly competitions.
Just as urgency is related to the call-to-action so, too, is ease. It's important that whatever action you desire for the viewer to take be made easy. If the audience is confused or frustrated in trying to do the call-to-action, you will annoy and lose them quickly. On top of that, winning their attention the next time will only be harder.
In security, this can be related to the importance of not only clearly communicating how to report a phishing, but ensuring that the ability to do so is easily implemented. Both of these elements lower the barrier to adoption.
What do you do if you have multiple calls-to-action (CTA) you want the audience to take?
Elisheva emphasizes it's important to only have one CTA. However, if there are several progressive actions to be taken, the CTA can simply be "Get Started" - a generic push to begin the process that will lead to consecutive steps where they will be led through each one individually. This goes back to the idea of micro-content spoken of earlier and how we can break down a complex idea into smaller, digestible actions, each with its own call to action.
A call to action is really just an end message. It can be "Join our cause" "Sign up for our course" . If that action has multiple steps, it doesn't mean you're having multiple calls to action. The problem with having more than one call to action is that people get confused and they forget what they're supposed to do."
Looking for awareness training that is short, relevant and engaging? Check out Wizer’s free security awareness video library.