How to write an email regarding IT Security that will be read, and not ignored by the end user?

A small trick I learned years ago - lay your email out like this:

Short Version

  • Small number of very short succinct points
  • If X, then you need to do this
  • Else, then you need to do that (or don't need to do anything)

Long Version or Full Details

...and here you lay out whatever full version you want.

97% of your users will never read the long version, so make the short version count. However, the key here is that most users will read the short version if they're given a choice between that and the long version. When you put that "Short Version" section header in, you're enticing them to read that because they feel like they can "get away" with just reading the short version. It's, like, psychology or something.

Many of your users still won't read messages no matter what you do. I've gotten better hit rates with this method than not, though.


As @gowenfawr says, many users will not read messages no matter what you do.

So, in cases when you need to guarantee that the message was delivered to the brain and not only the inbox, or acted upon, what you need is a feedback mechanism.

This can be simple, using a social approach - for example, asking users an essentially fake question while providing information. For example, if you are providing several methods to handle a certain problem, you might ask them to tell you which one is best suited for their work, or ask them to order them according to convenience, and insist on the reply. People that do not reply probably did not read it, and you can follow up with them.

You can go one step further and actually create a quick test they need to complete to prove that they "got the message" (this will cause complaints, but is effective and in case you get the green light from management this approach can really turn some things around).


I consider myself to have high technical skills, and usually find myself skimming or simply ignoring these kinds of messages myself. However, I was installing a Google product recently that had the following header:

Please read this carefully - It's not just the usual yada yada.

Because of the lighthearted nature of this, I found myself reading the docs thoroughly, and have started using this technique in my job.

I've found that users generally read administrative messages when a physical/psychological connection is made between the sysadmin and user. This, in Google's case, was a jokey remark.

Another method that has proven successful is adding interactivity to your message with a very clear reward for interacting. Something simple like "Would you agree with this YES | NO" or thumbs up/down for certain policies, and a reward of print credit, for example.