Crafting the right message to increase adoption
Far too often, changes to policies, processes, and protocols are communicated to employees as hard requirements, and forced upon the organization by the IT department. This often makes it difficult for companies to deploy new security technologies and receive positive user buy-in. Knowing this, and with a large deployment in mind, PNNL took a radically different approach, taking extra steps to properly communicate with their employees about the changes that were coming and the expected impact.
The PNNL deployment team carefully crafted messaging, and even provided messaging templates that managers could use when communicating with staff. The messaging focused on the usability, simplicity, and the improved user experience of the YubiKey. While the YubiKey is also more secure than the previous authentication process, strong security was a secondary message.
The PNNL IT team also conducted user testing before seeking voluntary early-adopters across the entire organization. This was supplemented by encouraging employees to ask questions in person and in real time rather than reading an FAQ or an email.
In an effort to humanize the changes, a widely-known and well-liked member of the IT team became the “face of the project”. All communications included the IT staff member’s photo, as well as images of the YubiKey, so employees became increasingly familiar with the new login and authentication process.
The deployment team also developed and used an online scheduling tool to streamline the YubiKey registration process for employees. The system sent out confirmation emails detailing appointment information for each employee including the items to bring for registration and identity proofing. These same emails were used to reinforce YubiKey messaging and benefits.