1 / 28

Condescending Corporate Communication

Condescending Corporate Communication. How to stop talking down to people. Blogs. Credible but not convoluted Write with confidence and refinement but not too technical Conversational but not casual Genuine and clear without being too casual

bliss
Download Presentation

Condescending Corporate Communication

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Condescending Corporate Communication How to stop talking down to people

  2. Blogs • Credible but not convolutedWrite with confidence and refinement but not too technical • Conversational but not casualGenuine and clear without being too casual • Understanding but not sentimentalUse language that is empathetic and helpful • Stay away from the acronyms

  3. ComplianceWeek does it right Paragraphs with no more than a few sentences Use dashes to draw attention Use contractions for easy accessibility

  4. Paper ISACA Jonline 2014 Volume 2: Security Policy—Keys to Successful Communication 

  5. Success • To be successful: • Know your reader • Write for that audience • Remember that comprehension varies – culturally, educational range, age, interest level Remember that the onus is on you to write for the reader

  6. Why this is important • ISO 27002: an adequate level of awareness, education, and training in security proceduresmust be provided and that employees, contractors and third parties are properly briefed on their information security roles and responsibilities prior to being granted access to sensitive information or information systems.

  7. Too often the reality is different The employee is left to his/her own devices to discover the relevant portions of a policy, read and then understand the contents lest he/she suffer the consequences of noncompliance. • This effort would be largely successful if policies were written in such a way as to facilitate understanding from the policy audience at large. Instead, many are written at reading levels that surpass the ability of the average employee to comprehend.

  8. Recurring Theme: Reading Level Key study (School Renaissance Institute and Touchstone Applied Science Associates, 2010) showed that that readers comprehend written information best when it is written at their reading level. Studies show that people comprehend at two grade levels lower than the highest grade level attained US Census Bureau – all surveyed regardless of working status

  9. Reading Level

  10. If only 25%-35% of the workforce will understand and comprehend the policies you write, doesn’t it make sense when they fail? Should we hold people accountable to policies that they can’t understand?

  11. Roadblocks to Comprehension • Research has shown that Acronyms and abbreviations are barriers to understanding • Fluency is an important and potentially independent factor that contributes to comprehension skills • This applies to language (ESL) • Fluency in technical jargon, such as acronyms and industry concepts, cannot be assumed

  12. Practical Example • My company employs around 1,400 staff • 65% are machine operators and other unskilled workers with no requirement for post-secondary education • The other 35% have at least some post-secondary education • Staff are scattered across the US • Policies are hosted on an intranet site (wiki) and training is conducted annually (CBT) • Hyperlinks used to: • connect policies to standards and baselines • define terms and point to other resources • show connections between policies • The intranet portal allows each employee to search the policies

  13. Intranet Cont’d • Policies are written at a 12-13 grade level • Procedures that support the policy are written at 9-10 grade level and associates are trained on them • Standards and Baselines are full of terminology and acronyms which are referenced via hyperlink

  14. How do you tell at what grade level you write?

  15. Flesch-Kincaid • System was developed for the United States Navy in 1975 to test the electronic authoring and delivery of technical information  • Used by the United States Army for assessing the difficulty of technical manuals in 1978 • Became the Department of Defense standard • Used in common word processors like MS Word • The Commonwealth of Pennsylvania was the first state in the United States to require that automobile insurance policies be written at no higher than a ninth grade level • This is now a common requirement in many other states • Two measurements used: Reading ease (chart below) and Grade Level (American grades)

  16. Gunning fog index • Developed by Robert Gunning in 1952 • Designed to determine the years of formal education needed to understand text on a first reading • Due to limitations in the formula, Flesch-Kincaid is generally preferred over Fog

  17. Coleman–Liauindex • Designed by Meri Coleman and T. L. Liau • Relies on characters instead of syllables per word • Advantage is that it is easier to automate the count of characters over syllables

  18. Automated Readability Index • Was designed for real-time monitoring of readability on electric typewriters • Like Coleman-Liau, uses characters not syllables

  19. PHP Readability Test Tool Readability results from the ComplianceWeek Blog post: http://vanamburggroup.com/tool-readability-test.php

  20. Word Lists • Oldest method used to determine reading comprehension • Top 1,000 words list (Wikipedia maintains) • Approach recorded as early as 2,000 years ago • Experimentally validated in early 1900s • Word lists are used to define writing styles for authors of Readers Digest and other magazines designed to be read by the largest audience

  21. Examples

  22. Georgia Technology Authority: Information Security Technology Risk Management Policy PURPOSE “Risk” is the net negative impact of the exploitation of a vulnerability, considering both the probability and the impact of occurrence.  “Risk management” is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level.  An effective risk management process is an important component of a successful IT security program and an essential management function of the organization. The principal goal of an organization’s risk management process is to protect the organization and its ability to perform their mission. It fosters informed decision making, allowing the security management organization to balance the operation and economic costs of protective measures and achieve gains in mission capability. This policy requires agencies to take a risk-based approach to securing their information systems. POLICY Each agency shall institute an organization-wide risk management approach to information security that assesses the risks (including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction) to information and information systems that support the operations and assets of the organization. Each agency shall develop policies, procedures and select cost-effective controls (based on the risk assessment) that reduce information security risks to an acceptable level and ensure information security is addressed throughout the lifecycle of each organization’s information systems.

  23. Make it more readable Original text “Risk” is the net negative impact of the exploitation of a vulnerability, considering both the probability and the impact of occurrence.  “Risk management” is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. An effective risk management process is an important component of a successful IT security program and an essential management function of the organization. Slight modification “Risk” is the possibility that something bad or unpleasant (such as an injury or a loss) will happen because of being vulnerable. The amount of risk is determined by figuring out how likely the possibility is to occur and how bad it will be.  “Risk management” is how we identify risk, assess risk, and figuring out how to make it less likely that something bad will happen.  It is important for us to have a risk management program as a part of our IT security program and it is essential to have it in the organization.

  24. More from GTA Definition of “Access Management” • Access Management - The process responsible for allowing users to make use of IT Services, data or other assets. Access Management helps to protect the confidentiality, integrity and availability of assets by ensuring that only authorized Users are able to access or modify the assets. Access Management is sometimes referred to as Rights Management or Identity Management. Definition of “Malware” • Malware, malicious code, malicious software - refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or otherwise annoying or disrupting the victim. Major forms of malware include but are not limited to: viruses, virus hoaxes, worms, Trojan Horses, malicious mobile code, blended attacks, spyware, attacker backdoors and toolkits.

  25. SunTrust Privacy Policy • Your privacy is our priority • SunTrust understands that financial information protection is important to you, especially in today’s online environment. With SunTrust's Privacy Policy, you can be assured that we use information responsibly to provide you with the services you request, and to make doing business with SunTrust easier and more convenient. • Three things to know about financial information protection at SunTrust: • Because trust is critical to a solid financial relationship, SunTrust outlines exactly how and when your personal information is used in our SunTrust Privacy Policy. (Note: Adobe Reader is required to view the privacy policy documentation. Click here if you need to download Adobe Reader.) • You may have different ideas and expectations about privacy, which is why our consumer privacy preferences make it easy to further limit how your information is shared. • Privacy and security are a must when banking online. Our online privacy practices explain exactly how SunTrust collects, uses and protects information about your online activity. • The most effective privacy protection is the precautions you take to guard your account and personal information. Review our privacy resources to learn how to protect your information.

  26. Google memo This Tuesday (1/21), the San Francisco Municipal Transportation Agency (SFMTA) Board will meet to vote on the proposed shuttle regulations we told you about last week. The hearing will take place on January 21 at 1pm PT at San Francisco City Hall (room 400). While we recognized that many of you won't be able to make it during the workday, we encourage any interested Googlers who live in San Francisco to speak in favor of the proposal (please RSVP here if you are planning to attend). While you are not required to state where you work, you may confirm that Google is your employer if you are so inclined. If you do choose to speak in favor of the proposal we thought you might appreciate some guidance on what to say. Feel free to add your own style and opinion. *I am so proud to live in San Francisco and be a part of this community *I support local and small businesses in my neighborhood on a regular basis *My shuttle empowers my colleagues and I to reduce our carbon emissions by removing cars from the road *If the shuttle program didn't exist, I would continue to live in San Francisco and drive to work on the peninsula *I am a shuttle rider, SF resident, and I volunteer at….. *Because of the above, I urge the Board to adopt this pilot as a reasonable step in the right direction

  27. Conclusion • When we use terms and concepts that cannot be understood, and we demand compliance, we appear to be condescending • Empathy is as important a skill when writing policies or other corporate communication as is a large vocabulary • It is important to know your audience

More Related