Cybersecurity Awareness Training Methods
Are They Truly Effective?
It’s the email everyone tries to avoid, but deep down, we all know it’s necessary. With the increasing number of cyber threats, this training is crucial to keeping the company safe. Even though people groan at the thought of going through it, staying sharp on cybersecurity is essential for protecting business data and operations.
The email that everyone is dreading has arrived:
To: user
From: Human Resources
Subject: Required Trainings
Yes! The dreaded required training that everyone must complete has arrived. The dreaded boogeyman himself: Cybersecurity Awareness Training!
“NOOOOOOO! Save me pleeeeeeeeeeease!”
End-user Perceptions
The above story is a dramatization of how non-technical end-users respond to Cybersecurity Awareness Training in any form. Most end-users find this training to be a complete waste of their time and effort. Meaning they haven’t been engaged by any of the training methods being utilized.
Our vISO has spoken with multiple non-technical users of technology concerning their perception of Cybersecurity Awareness training. He received answers like: “I’d rather go to the dentist.” or “It’s a total waste of time. I don’t understand what they’re trying to teach me.” Then, there is his absolute favorite: “Doctors should prescribe cybersecurity awareness training to insomniacs that don’t respond to medication.”
The Current End-User Approach to Cybersecurity Training
Have you ever watched a non-technical user “go through” cybersecurity awareness training?
1What a typical dual monitor desktop layout looks like during Cybersecurity Awareness Training.
This is what many of our end users are doing when they get their training videos. They get minimized into the furthest corner of a screen. The headphones go on, and they listen to the videos while they’re working. Oh, that quiz at the end of each section and the final quiz with the unlimited chances to pass it, yeah, they just keep retaking it till they get a passing score.
Engaging End Users in Training
Every person has a different learning style and learning environment that they engage and thrive in. Trainers need to find ways to engage their audiences, so they listen to what they’re being taught instead of just hearing it.
The Leadership’s Stance on Cybersecurity Awareness Training
Cybersecurity Awareness Training has been a topic of discussion among cybersecurity professionals and practitioners for a while now. Unfortunately, the pushback from the Board Room continues to be the same. Despite all the reported breaches and incidents, the new requirements set down in the latest compliance frameworks, and the increased requirements for cyber insurance, the boardroom members are still choosing to follow lean business practices to reduce expenses and maximize profits. The expenses associated with a cyber breach are far greater than the cost of developing and implementing an effective cyber awareness training program.
What’s the Solution?
The first step to solving any problem is acknowledging there is one.
The cybersecurity community offers tips on how to help re-engage non-technical users:
- Make cyber awareness part of your workplace culture.
- In-person training by third-party trainers.
- Engage non-technical users on their level.
- Additional training for specific roles.
- Gamification to make it fun.
- Reward positive cyber-related behaviors.
- Make cyber awareness training mandatory for Executive-level roles.
- Use post-training feedback to help develop and modify the training model and material.
Ready to improve your Cybersecurity Training?
Secure Data Technologies can help your employees embrace cybersecurity awareness. Contact us today to start securing your organization for tomorrow’s threats!
