1. Keep it Simple

Phishing in Action example

Most users don’t need to become experts, or even need much technical know-how, in order to be security-aware employees, so don’t overload them with technical jargon, complex diagrams or lots of intimidating cyberspeak. Keep things simple by teaching the basics in easy-to-understand language. For example, not everyone understands what ‘social engineering’ is, but everyone understands what a con artist is. So teach about the dangers of social engineers by making real-world comparisons to con artists and scammers to drive the point home.

Mobile Stats Infographic

Simple way to convey lots of information

2. Make it Engaging

Viruses and Malware

Engage the users by having them click through different parts of a slide.

Would you want to just sit and watch a 45-minute PowerPoint presentation? No! Nobody wants that. Think about what kind of training would keep you engaged and listening, and create the same thing for your users. Videos, fun graphics, simple diagrams, and interactive learning games are great ways to make your training program effective. Also, keep things short. It’s better to have several ten-minute training modules over the course of a few months than one overlong, boring, tedious training session once a quarter. Remember that your users’ time is valuable and that they want to be entertained just as much as you do.

3. Make it Personal

Family and Home Security

Top 10 List of To Dos for Family Security Awareness

Remember sitting in biology class and thinking “none of this relates to me, so why should I care?” until the minute the teacher showed how, by looking at genes, you can figure out which parent gave you your green eyes and the likelihood of inheriting your dad’s male-pattern baldness? It’s the same with security! Bring the message home and relate it back to users’ personal lives and families, and they will remember more of the message and put more into practice than if you just talk about everything from a high-level corporate point of view. For example, talking about data breaches in terms of the money your company could lose is fine, but the message will hit your users harder if you talk about how many people suffer identity theft after a data breach, how much money individual families can lose after having their identities stolen, and how their children can even become victims before they turn 18.

4. Rinse & Repeat

Security Awareness Advertising

Security Awareness is like advertising. In order for the message to stick and for the user to take action, it’s got to be in front of them multiple times during a year. Once-a-year training is not enough. Quarterly training is okay, but monthly and/or weekly reinforcement is even better. Treat your SA program like a marketing campaign, using monthly newsletters, screensavers, posters, weekly email tips, videos, quizzing and learning games to engage and educate your user population. The more they see the message, the longer it will stay in the forefront of their minds and the better their behavior will be.

The Security Awareness Company

With over 25 years of industry experience, we serve both small & large organizations to create successful security awareness and compliance programs on an international scale. Our team is a strong, creative powerhouse with a passionate vision and we consistently produce on-trend end-user training materials of the highest caliber.
