Cybersecurity Awareness Month – Improving Communications

As technology and security professionals, we all get a ton of email. Some short, some long, and some simply unreadable. When we delete or file the latter, it occasionally comes back to bite us. Why? The ever-dreaded quote, “Didn’t you read my email?” The truth of the matter is, I didn’t read it and I probably won’t. It was unreadable.

To that end, we all need some help. We need help in writing better emails, regardless of technical content meant to request information, schedule discussions, solve problems, or to just basically communicate more effectively.

Improving Communications is a Primary Goal of National Cybersecurity Awareness Month

October is Cybersecurity Awareness Month and part of its key initiatives is to improve basic communications. So, with the support of my esteemed colleagues, we have put together this blog that minimizes reading, maximizes comprehension, and avoids obstacles and confusion from technical and security email communications. If we work off the assumption that everyone’s time is valuable, these recommendations will lead to great time and productivity savings across an entire organization and even with communications between partners and clients. It will help convey the basic communications many organizations lack due to social media, texting and even personalities. Therefore, consider email with the following traits to enhance cyber communications:

1) Goal - The goal with an email or meeting invite is to clearly communicate information with an economy of words.

• Avoid telling a story
• Focus on needs and expectations
• Set deadlines clearly

2) Brevity

• Avoid long paragraphs and blocks of text. If you find you’ve written several, you’re including too much detail.
• Focus on the issue, not backstory or related situations unless absolutely relevant.

3) Focus

• Bullet points or numbered lists are great for focus and readability.
• Numbers are helpful to provide a reference point for responses.

4) Clarity

• Use full and correct names. Abbreviations, nicknames, and first names only can cause confusion.
• Be sure to include clear expectations for resolution, including specific action items for named team members, partners, clients, and all parties.

5) Subject

• The subject line should be as short as possible but clearly summarize the discussion. There should be no ambiguity.
• Ensure the subject line is pertinent for the discussion and do not change it.
• If you change the subject line, delete unnecessary portions from the body and consider it the beginning of a new thread.

6) Use BCC

• When emailing externally, avoid including internal resources such as developers.
• BCC them if need be but some team members in every organization should not be forward facing.

7) Use action items

• Clearly indicate questions and action items (including dates and names).
• Do not ask general requests, no one will ever own them.
• If you don’t know what the action items are, perhaps a meeting is better. That might be a better purpose for the email request in the first place.

8) Summarize - If you forward a long email chain to someone, add a quick summary in at the top.

9) Meeting Invite emails

• Ensure the meeting title captures the intent. See email subject line guidance above.
• Attendees:
  • Invite only those that need to be there.
  • If you’re not sure who should be on there, find out. Talk to managers and leads.
  • If an attendee is not going to talk or be responsible for any actions, they probably don’t need to be there.
  • If someone is there “for visibility”, it is better to get them caught up afterwards with a summary or minutes.
• Include an Agenda
  • Vital to focus the meeting
  • Quick reminder of what the meeting is about, essential for busy people
  • Allows pre-meeting preparation to be performed by attendees
  • Avoids meeting subject creep. “While I’ve got you here….”
• Clearly state goals of the meeting:
  • What is its purpose?
  • Where do we want to be?
  • What do we want to solve?
  • Tie goals or discussion points to owners where possible.

National Cybersecurity Awareness Month is not only about technology. It is also about improving our security communications – making them more clean and concise. Having good writing skills is critical and being able to express them in an email everyone will read, is even better. Check out the rest of our Cybersecurity Awareness Month blog series.