Making employee security training engaging
If you want employee security awareness training to work, you need to learn how to engage your audience. Here’s how.
Know your audience
Messaging matters, and effective training programs tailor their content to their audiences.
“The message is different for a group of government internal auditors than for a room full of COs from large companies,” Security Mentor’s Lohrmann said. Other factors to consider include jargon, current hot-button issues, the order in which speakers or instructors appear and topics to broach, along with preparing for questions that are likely to be raised.
Motivate for change
“This is all about understanding culture, communication and emotion,” said ISACA’s Spitzner. “Unfortunately, a lot of technical people are not strong in this area; this is where you need communications or marketing majors.”
Unleash your inner storyteller
Droning on about the technical aspects of a cyberattack is a surefire way to lose an employee’s interest. “Audiences love cyberwar stories,” Lohrmann advised. “People remember stories much more than facts and figures.”
Make learning interactive
Get the crowd involved to help employees retain the material presented to them. At the very least, ask for a show of hands and pepper sessions with questions for a more engaged audience, said Lohrmann.
Stay relevant
Ever walk out of a training session without learning something new? Avoid this by presenting content “in a fresh way with a new twist, facts, figures, stories, etc.,” Lohrmann advised. “Offer fresh insights or practical tips that the audience can implement right away to help at home and work.”
Quantify results
What is the point of raising staff security awareness if a program falls short on the “awareness” part?
“You need the ability to measure those changes in behavior and the overall impact those changes are having to your organization,” cautions Spitzner.
Effective online training
The secret to good and effective online training is keeping it “brief, frequent and focused on a single topic,” Lohrmann said. Additionally, it should be ongoing to help users keep up with the latest trends. Echoing some of the themes above, it should also be engaging, entertaining and interactive.
Source: eSecurityPlanet