Cybersecurity

Nailing security

With creativity and communications, Avon is building a “human firewall” around its data. Brunswick’s Giovanna Falbo and Phil Morley report

With almost 30,000 Associates around the world, international beauty company Avon coordinates a network of millions of direct sellers and many millions more customers. Increasingly, all that activity is on digital and online platforms, raising the company’s need not just for basic data privacy rules, but for a leadership role on cybersecurity awareness.

CEO Sheri McCoy and her team recently launched Be CyberSafe, an internal campaign to build a “human firewall” around Avon’s data. In a roll-out video, McCoy says, “Our business is built on trust. It’s at the heart of everything we do.”

Building on that trust, the company’s goal was to move the topic of cybersecurity from a shadowy liability to a strong, visible asset. The best way to do that was by empowering the business’s Associates at work and at home. Everyone has an email address or mobile phone and can benefit from learning how to make their information more secure.

Behind Avon’s initiative are studies that show breaches are often triggered not through a weakness in tech defenses, but through employee error. PwC reports that worker actions led to about a third of all breaches in 2015. Others put that figure much higher.

Lost laptops, phones or USB drives, duplicated passwords, and clicks on links that contain a virus are some of the more common lapses. In one striking and increasingly frequent scam, some companies have lost amounts into the millions of US dollars when an employee, complying with what appears to be an email from their CEO, delivers funds to a fraudulent account.

Since employees are on the cybersecurity front line, they are positioned to become a company’s first and arguably best line of defense. Former New York City Police Commissioner Ray Kelly, now Vice-Chairman at investigative consultancy K2 Intelligence, said in a recent interview in The Wall Street Journal that companies can do more to stop intrusions caused by “employee carelessness” by initiating “robust training programs.”

For Avon, this meant creative communications involving wit, memorable messages and strong visuals, all to humanize the topic.

In pursuing active engagement on cyber safety within all parts of the company, the Avon team knew from the outset that it had to change not just what Associates think about cybersecurity, but how they feel about it in order for the messages to sink in. That required an inspired campaign, with as much thought about graphic design and presentation as message content.

Cybersecurity is often viewed as a dull and dry subject. The team knew it would have to distill the campaign’s messages and use a creative approach in order to strike the right balance of advice and accessibility. “Creativity is needed to engage people emotionally,” McCoy says. “We want to shift the mindset from compliance to commitment. To do that, the key lever to pull is creativity.”

The Be CyberSafe campaign used the color yellow, associated with caution, on posters and in videos, some of which featured distinctive yellow nail polish. “In the end, it had all the attributes we want in our brand: witty, warm and welcoming,” McCoy says. “The idea behind the yellow nail polish was to illustrate, in a creative, playful way, that cybersecurity was literally in the hands of our Associates.”

In the roll-out video, McCoy painted her own nails the campaign’s signature yellow to address the company. The moment clearly positioned the campaign as a company priority, while at the same time setting a lighter tone that helped secure everyone’s involvement.

Associates were encouraged to take part in a “Polish Pledge,” painting their own nails at work. The activity became a cornerstone of the campaign, highlighting its messages and creating a viral awareness as office talk naturally turned to the brightly painted nails. Associates posed for photos and posted them on Yammer. As part of the normal workday, the activity served to acknowledge and accommodate Associates’ busy schedules, while still breaking through the volume and frequency of their normal communications.

Published on multiple channels, the team worked hard to simplify the cybersecurity message, avoiding tech jargon and focusing instead on basic behaviors, broken into four themes: general awareness, appropriate email use, safe online browsing and protecting sensitive information.

Even in the campaign’s early stages, Avon’s surveys showed a 15 percent increase in the perception of cybersecurity as the responsibility of individuals rather than the IT department.

A big part of the Be CyberSafe campaign reminds Associates how to keep personal information – not just company data – safe and secure through awareness and good habits. 

"Associates are just as vulnerable at home as at work,” McCoy says. “With these steps, they’ve learned how they can protect themselves, and the company, in both areas of their lives.”

Giovanna Falbo, a Partner in Brunswick’s New York office, leads the US Employee Engagement practice. Phil Morley is Director of Employee Engagement at the firm’s creative agency, MerchantCantos. Additional reporting by Eleanor French, an Associate in New York.

Download (123 KB)