Five Easy Ways to Improve Readability for Cybersecurity Content Providers
In part one of this blog, Cybersecurity Content IS Hard to Read: Here’s Proof we shared our research on cybersecurity readability and it revealed that most cybersecurity content is hard to read. Even within a company, different product lines or business units scored different readability scores, which indicates that the opportunity for improvement is significant.
In our role as a business communication partner, we understand the importance of persuasive business communication – both words and pictures. We strive to push our clients to focus on readability and comprehension as key metrics in developing any kind of communication.
Here are our top five ways to improve readability in the cybersecurity sector.
1. Use plain English.
Cybersecurity experts are well-educated and are comfortable with technical language. Alas, readers don’t share this expertise. Too often, technical language is used when plain English would work better. Plain English is so important there has been legislation requiring some industries to adopt plain English standards. This article summarizes the key aspects of the movement and why it’s so important.
Meanwhile, a few cybersecurity examples – the original and our rewrite. Note: the plain English version includes mini-summaries to reinforce the benefits of complex ideas.
Their content: Our security approach allows organizations to proactively set up enforcement mechanisms via scalable encryption and segmentation approaches; enable predictive analytics that uncover malicious intent as early in the attack lifecycle as possible, and deliver prescriptive guidance so analysts can take remedial action. Our security solutions support out-of-the-box automated integrations with the rest of the infrastructure while also delivering the necessary decision support data to the human analyst.
Plain English: Our approach to scalable encryption and segmentation lets you establish enforcement rules proactively. That means you can anticipate where attacks are likely to happen. Predictive analytics reveal malicious intent early and provide essential guidance for rapid remediation, accelerating your ability to take action. Out-of-the-box automated integrations deliver data that speed decision-making. Our solutions are designed to provide information to help you make informed decisions faster.
2. Eschew compound sentences; furthermore, if you’re using a semi-colon, you’ve already lost them.
See what we did there? Most content is read digitally. That means it’s held in someone’s mind for a remarkably short period of time. Complex sentences make it more difficult to absorb the content because there’s too much to absorb. This is a great article on when and how compound sentences work. Here’s an example that shows how slowing down just a bit allows you to deliver more punch while increasing readability.
Their content: The [product] leverages artificial intelligence (AI), machine learning and automation to provide improved cyber threat prevention and remediation, while offering visibility across all endpoints for better management and control.
Our rewrite: The product uses artificial intelligence, machine learning, and automation. The result is improved cyber threat prevention and remediation. In addition, it delivers visibility across all endpoints for better management and control.
3. Chunk. Digital readers are scanners.
We like this summary of the difference between digital reading and traditional reading. Digital readers jump around a page, looking for information that grabs their attention. That means content creators need to do a better job of creating nuggets of information that can be quickly scanned. We call it chunking.
We’re doing it right now by creating this list of five things. You can scan the five things in bold and then decide if you want to know more by reading the paragraph below each numbered item. Further, we include examples to improve cognition because people learn differently. The next item on our list also addresses the needs of different learning types.
4. Visual communication is essential.
While you can’t test a visual for readability, it doesn’t matter. Many people are visual learners and need visual information to supplement what they’re reading. There are many ways to represent your content visually, but in cybersecurity, one of the best ways is the infographic.
Done well, an infographic should tell your story in chunks (see above), and components can be extracted and used in presentations, public relations, and social media. It’s an asset with a long tail and a worthwhile investment. Neil Patel has collected five case studies that demonstrate how powerful visual communication delivered meaningful business results.
5. IFYKYK, enough with the acronyms already.
Ahhh technology. Other than the government, has there been an industry that relies so heavily on acronyms? Okay, we might be exaggerating, but let’s accept that acronyms are littered throughout cybersecurity content. It’s not that acronyms are horrible, but they do reduce readability and understanding.
The net effect of acronyms on comprehension is that they are like reading speed bumps. Some people slow down to try and understand and others speed up and fly over them because they can’t be bothered. Either way, you’ve created an unpleasant experience that impedes forward movement. (Question, do you know what IFYKYK means, or did you just skip it? It’s the first word in the #5 sentence.) If you have to use them, use them sparingly and closer to information that’s less important.
Here are a few examples of how to pivot and use alternatives to solve the problem. The main point is to focus on comprehension rather than packing the sentences with all the junk.
Their copy: Endpoint detection and response (EDR). All types of endpoints, including Internet of Things (IoT), industrial Internet of Things (IIoT), and Internet of Medical Things (IoMT), need to be monitored and secured. A robust EDR system is often the go-to tool used to deal with attacks that land on an endpoint.
Our rewrite: Endpoint detection and response. All kinds of endpoints need to be monitored. That includes those considered part of the Internet of Things (typically consumer), industrial, and medical-connected devices as well. To secure these endpoints, organizations need a robust endpoint detection and response solution.
Their copy: Security orchestration, automation, and response (SOAR). SOAR levels vary across areas such as onboarding, SIEM systems, detection, investigations, analytics, alerts, workflows, and response and remediation actions. A few MDR providers use bots for triage, investigation, and analysis.
Our rewrite: Security orchestration, automation, and response includes all aspects of cybersecurity automation and response. It includes set-up, managing security information and event management systems, detecting security threats, and investigating incidents. It also encompasses analyzing data, managing alerts, creating workflows, and remediation. Some managed detection and response providers use bots to help with tasks like triaging, investigating, and analyzing security incidents.
Creating content for cybersecurity is a challenging and interesting job.
We hope these tips are helpful. We know there are always exceptions that require different solutions, but with comprehension as a priority, your readability scores will improve, and hopefully, so will your sales funnel.
If you’re ready to improve your content, we’re ready to help. Through words and pictures, we will elevate your brand, clarify your value, and increase engagement. It’s as easy as starting with one project so you can evaluate our contribution.
To get started, contact Jennifer Throop, VP, Sales and Marketing, who will work with you to define the scope and answer your questions.
At Altitude, we’re focused on creating content that delivers the ‘most relevant information’, in the shortest amount of time.