In the advertising world, there is an acronym called TOMA. TOMA stands for Top-of-Mind Advertising or Top-of-Mind Awareness. This is defined by Marketing Metrics as “the first brand that comes to when a customer is asked an unprompted question about a product or service category.” This can be thought of as the most remembered or most recalled brand names. A well-known example of this would be Band-Aid brand adhesive bandages. These have achieved such broad TOMA that the brand name of the product has become the word that almost everyone uses by habit when asking for the product.
That is the ultimate goal in developing TOMA – to make the product or service become so ingrained in the mind that recalling that association becomes a habit. A habit is a fixed way of thinking, acting or feeling acquired through previous repetition of mental or physical experiences. About 43% of our daily behaviors are performed out of habit. New habits can be formed at any point in your life. Bad habits can also be broken at any time.
If one digs into the process of creating TOMA, there are certain key foundational events that must occur in order to build this top-of-mind awareness. It starts with repeated exposure to an idea, product or service. The exposure is designed to build trust. People tend to not trust until they are exposed to an idea or product at least 7 times. And people won’t develop a sense of commitment until they fully trust the ideas presents.
Our sales and our marketing teams certainly know how to develop their programs to inform customers and prospects about the benefits that our emplyer can bring to their business. The sales process is designed to develop trust between two parties ideally leading to a sale. Our executive team develops goals and objectives for the organization and communicates those objectives to everyone with the intent that employees buy into those goals. This leads to growth through the realization of those goals. No team can expect that the target of their programs will fully understand and implement though a single communication. Everyone understands that awareness comes through repetitive communication and learning.
The security team has similar objectives when it comes to developing security awareness and making sure that everyone within the organization develops TOMA around everyday security best practices. That won’t happen with a once-a-year awareness training alone. Understanding the risks involved with our daily operations and the impact that lax security practices could have on the organization happen overnight. It takes time and purposefulness. We all have a lot on our plates. Making time to “consider the risk” in our day-to-day activities isn’t something that’s a top priority. It doesn’t have to be, but we need to exercise those analytical muscles daily as part of our normal activity. We unconsciously do this already in many areas of our daily life – while driving, crossing the street, eating, you name it. Every activity we undertake has risk and humans have gotten proficient at rapidly evaluating that risk without a second thought.
Cybersecurity risks are a relatively new thing in human evolution, so it makes sense that it will take time to train our minds to rapidly analyze these types of risk. Just like touching a hot stove quickly teaches us about that risk, failing in cybersecurity teaches us lessons as well. Each of us can develop a security-first mindset by learning about the risks that face us in our daily lives, analyzing those risks and adjusting our behaviors to avoid letting the malicious actors exploit those risks. Best security practices are simply responding to a particular risk in a manner that prevents unintended consequences. It takes intention and practice but before you know it, it becomes habit and part of your normal routine. Stay safe our there!
