Nuspire: Building an Impactful Employee Advocacy Strategy in a Sensitive Industry

Cyber security is an industry built on discretion. On keeping secrets. On building relationships with clients who hold you and your company in their deepest confidences. Which can of course be a challenge when it comes to spreading the word, networking, and building up positive brand awareness online. But that isn’t to say that Employee Advocacy can’t still play a role, if done thoughtfully, and in the right way.

On “Masters of Comms,” Lamar Williams, Partnerships Manager at Sociabble, was fortunate to chat with two experts in the field from our client company Nuspire—Francie Dudrey, Senior Director of Content Marketing & Corporate Communications, and Rebecca Schloesser, Corporate Communications Coordinator—who shared their secrets to building positive brand awareness in a sensitive, clandestine industry.

MOC: Before we get started on the subject of the day, could you give us just a brief overview of who Nuspire is, and maybe a little more background on your industry?

NUSPIRE: When somebody hears “cyber security,” they wonder, is it a firewall, is it antivirus? What even is happening here? And the truth is, cyber security is an industry that runs the gamut, and Nuspire functions as a managed security services provider. So what does that mean?

Basically, we work with organizations and serve as an extension of their team, because the vast majority of companies, particularly when you’re talking about small, medium, mid-size, don’t have all the resources to monitor their environments 24/7. They don’t have a security operation center, or they’re not able to staff up enough for monitoring. And part of the reason is because there’s a massive cyber security talent shortage, so finding people is tough. And then if you do find people, it is extremely expensive to hire them.

So we have all the experts on hand, and we support those organizations with anything they might need—for instance, monitoring all of their endpoints. We also might manage detection and response, and we can scan their environment for vulnerabilities.

MOC: There must be a certain level of sensitivity that needs to be accounted for when it comes to something as simple as sharing on social media, then. Can you tell us your reasons for recently deploying an Employee Advocacy program at Nuspire?

NUPSIRE: At Nuspire, it’s really important for us to strengthen our digital culture, so we can attract and retain talent within the cyber security industry. We’re fortunate that our senior leadership team has supported our efforts to strengthen Nuspire’s social media presence, and they’re the reason that we’re able to advocate for our brand via employees.

Social media is obviously a very tricky place. Lots of crazy stuff goes on in social media. I worked for an organization that would look at every single social post and have to approve it before anybody put it up. And for me, that stifles agency and creativity, and people were really put out by it.

So what was the point in posting? They didn’t want to go through that process. Now granted, it was a publicly traded company, so there were certainly some concerns there, but we at Nuspire are not. And so we wanted to enable these folks to feel confident knowing that they could share their love of working here freely, without worrying about any sort of repercussions.

People want to come to an organization where they feel supported, and in order for us to create that kind of an environment, we have to give them the flexibility they need.

I think the benefits certainly outweigh the risks. People want to come to an organization where they feel supported, and in order for us to create that kind of an environment, we have to give them the flexibility they need. With this Employee Advocacy program, one of the things that we lacked in terms of branding was getting our word out there, our name out there, from the employee perspective. And we didn’t know how we were going to do this in a way that makes it easy for them to share content about Nuspire without having to, you know, send an e-mail, “Hey, share this on your feed.” It’s just not a good experience.

And so that’s why we looked at a platform like Sociabble, where we can put all of the posts that we would love for employees to share right there in their app—they can easily click a button and share it. And I think that has given them a sense of pride, that they can support and promote Nuspire, but also that they don’t have to worry about whether or not what they’re posting is sensitive.

MOC: That’s great. And with such an important objective to your strategy, what were some of the elements that you put in place to truly engage your employees? Could you provide us maybe with some best practices, and also some of the results?

NUSPIRE: When we were addressing our internal communication system and evaluating what we wanted to do with our internal communications at Nuspire, we quickly realized the importance of consolidating systems for employees. Instead of having content spread out across Facebook and LinkedIn and e-mail and chats, we decided to bring all those communications systems together into one platform that integrates the applications employees like to use. So aggregating all that content into one portal allowed us to diversify the content for employees and simplify their social media experience at Nuspire.

And as a result, it simplified their employee experience as well. When thinking about how to engage employees on the platform, we looked at how technology supports the content that we have. We take full advantage of the technological capabilities of our internal comms platform to customize content to our viewers and our users. That means using audience tools to get the right content in front of the right people, creating gamification systems that rewards employees for participating in certain events and posting and sharing, and creating a newsletter and notification system that reengages employees when they’ve started to become less engaged on the platform.

When we combined all of these things together, we created a positive relationship between the user and the platform, and as a result our internal engagement skyrocketed. We were able to double the number of employees viewing our internal newsletter within a couple weeks of launching this platform. It’s been a huge endeavor for us. Yes, we’re always looking to improve, right? So one of the things that we’ve been doing is making sure that we do these pulse checks with employees, with our brand ambassadors, with our senior leadership team, to make sure that we’re doing the things that we need to do to accomplish our goals—and then we can make changes.

That’s what’s great about the platform we use. It’s very user-friendly in the sense that we can make adjustments on our end for the most part without having to go to the vendor to make those changes. So it’s an agile approach to employee communication and engagement, which I think has been extremely valuable for us.

This was a big change for us, and big changes are often not well received in companies, regardless of how cool it is, because people are set in their ways, and they think: “Oh, God, one more thing that I have to learn and do.” So there’s always going to be some of that resistance. And the key for us was to roll things out in phases, so that it wasn’t all at once. Here you go. Let’s start using this platform. Let’s do X,Y, and Z. Let’s first just get used to the fact that it’s there and then we can start adding on. And then employees feel more comfortable with the platform as they ease into it versus, you know, getting smacked across the face with all this new technology.

MOC: You were talking about senior leadership before, and I would assume their posts may help also in capturing new talent—but I’m sure that’s not the only element. So when addressing a competitive domain for talent, what enables you to stand out from others in the market, and can you share a few examples of what you’ve done?

NUSPIRE: This is perhaps one of the biggest challenges in cyber security today. As I alluded to in the beginning, there is a cyber security talent shortage across the world. I think the latest data I saw was 2.5 million job openings in cyber security, all as we see the number of threats and the complexity of threats increasing. That tells you, “Oh my goodness, we need more people to get into cybersecurity.” Here’s the thing, though: a cyber security analyst, for example, they can come into an organization and command basically what they want in terms of a paycheck. They have that selectivity that not a lot of people have. So if they come into an organization that’s going to work them to the bone, and has a toxic work culture, they’re going to say, “Absolutely not, we don’t want any of that.”

So one of the things that they look at is: how does an organization speak publicly? How does it treat its employees? What are its employees saying about this organization? That is something that these folks are looking at intently, and that is why we have worked diligently with our executives to be supportive of this and help amplify some of the efforts that we’re doing—so that we can communicate in a meaningful way about what’s going on internally and why someone like a cybersecurity analyst would want to come work with us.

I think cyber security certification is another important thing. Training certification dissuades a lot of people from getting into cyber security, because they think, “Oh, gosh, you know, I’ve got to have all this certification. I don’t have the funding to do that, it’s too hard, I was in a completely separate industry. There’s no way they’re going to hire me.” Here’s the thing for us: we look at aptitude. We don’t necessarily look at checking all these boxes. We want to know: can they learn? And so we offer a lot of that training, to help new hires get up to speed and learn the industry. And I think that’s very attractive.

This is one of the reasons why […] addressing Employee Advocacy: because we know that people look at what employees say about their organizations before they make a decision to apply for a job or to accept a job.

I can tell you a little anecdote. We have a cyber security analyst who was a carpenter before he got into this industry. I think for eight years he was a carpenter and decided that this is something he’s really interested in. And he’s been at our organization for a while now. He actually has his own YouTube channel, talking about getting into cyber security because he’s so passionate about it. So I think this is a huge focus for us. This is one of the reasons why we wanted to take a stronger look and really take some deep measures in terms of addressing Employee Advocacy: because we know that people look at what employees say about their organizations before they make a decision to apply for a job or to accept a job.

On top of that, we would say that there’s a big push at Nuspire to be very accommodating when it comes to remote work and flexible schedules, because when the workforce changed a couple years ago, Nuspire decided to adapt with it. We decided to integrate our social media with an intranet to create a virtual water cooler environment, to facilitate those meaningful connections that you would receive in an office, but in a remote work setting, which has really helped our employee culture because remote workers don’t feel like they’re missing out on anything. So that has also been a huge factor in retaining talent and recruiting talent, offering a remote or flexible schedule.

MOC: It’s great to see that you’ve built such a strong culture—a strong culture for sharing, which we find is extremely important. And yet cyber security is really a sensitive industry. One question I would have for you is how do you mitigate against fake news or sensitive leaks from your employees?

NUSPIRE: For us at Nuspire, we are all about accuracy and transparency. Those are ideals we embrace, and we’ve seen that by following this strategy, we have happier, more engaged employees. Often times when you see folks leaking information or posting things that are maybe a bit off brand from what a Nuspire employee should be saying(or any employee for that matter), it’s coming from people who are not happy with their workplace, who have an axe to grind, and this is an avenue for them to shout that out. So we understand that, and that’s why we offer curation, through our platform, Sociabble—we curate news stories. 

I have someone on my team who used to work at CBS, he knows fake news versus non-fake news, and he actually curates all the news for the day. It allows for folks who are on the social platform to share externally those particular articles. So they know it’s ok, if this is in the employee advocacy internal platform, it’s already been vetted. We’re good to go. We don’t need to be worried about posting something that is false or untrue.

I think that gives employees an added level of security, knowing what they’re posting is above board. And when it comes to internal security for our systems at Nuspire, our teams are highly collaborative. We’ve collaborated with our IT and internal security teams to confirm and audit that the platform that we use has been built to protect us from any potential external threats. We’ve also created systems that require marketing to frequently speak with our security teams, to ensure that specific employees have the correct information that they need. For example, somebody who might be higher up may not necessarily need to see information for entry-level employees, things like that. Additionally, we always leverage single sign-on and multi-factor authentication as a company standard for all of our virtual tools.

MOC: It definitely sounds like security is really something that’s embedded in your organization. But now for our listeners who want to start or are launching an Employee Advocacy program, could you provide them with your main recommendations to successfully implement a program?

NUSPIRE: I would be happy to, because I have experience on how to NOT implement a program, and that is by having middle management start a culture initiative without support from the senior leadership. We tried to do that once at a different company, everybody was really excited about it, but our senior leadership wasn’t singing from the same songbook, if you know what I mean.

So here at Nuspire, this was driven by our CEO. When we do updates on this program, he’s the one who’s asking all the questions and wants to know how things are going, and he’s the one who’s sending us notes about have you thought about this, or what about this, or great job guys. Having that involvement and that commitment from senior leadership is critical. Doing something like this without it, it’s going to be a lot harder to get by. So that would be the first one that I would say.

We also created the Brand Ambassador program, and they got a sneak peek at everything, so they knew ahead of time what was coming.

I think the second one, and I talked about this a little bit already, was to roll it out in phases and start small. Employees have a lot on their plate, especially in our industry, and with cyber security, there’s a ton of different applications and technology that folks are using. So when we add one more, there’s often that feeling of “Oh, yet another one.” So to avoid folks getting overwhelmed with something that we want to be an integral part of their day-to-day, at Nuspire, we do it slowly.

We started priming the pump early, letting folks know it was coming. We did an all-hands giving an idea of how it’s going to work. We also created the Brand Ambassador program, and they got a sneak peek at everything, so they knew ahead of time what was coming. When we launched it, employees knew that they could go to brand ambassadors and ask, “What even is this? How do I do this?”

We actually like trying to manage questions from our hundreds of employees. In fact, we created lieutenants that could do that. So now and then, we’ll add new things. We’ve started our Nuspire Olympics that we just rolled out. We didn’t do that the first day, we didn’t do that the first month. We let people get accustomed to using it and then we added it. So I would say take a staggered approach when you’re rolling out your program.

Also, I think this is important basically with anything you roll out: regular feedback. We often are in our own little silos. We need constructive feedback. There are other types of feedback that are not so welcome, and we get that, too. But typically, we’ll act on feedback that somebody has put thought into. I think sharing the road map across the organization is also important.

Letting folks know what’s coming so they understand that this isn’t just some flash in the pan initiative that’s going to go away next year. We actually have plans for the future, and this is what they’re going to be. And hey, by the way, what do you think of these plans? And if you have additional thoughts, let us know. So those are the top three things. Get support and buy in from your senior leadership, roll it out in phases, and then get regular feedback.

MOC: Well, thank you for joining us, and for responding to our questions today.

NUSPIRE: Thanks for having us. This was fun!

Discover more Masters of Comms episodes here.