Is Security Awareness Training getting outdated?

Posted by Ragnar Sigurdsson
Find me on:

security-awareness_white

 

You are responsible for security awareness training, but you are not a teacher. Am I right?

So why are you responsible for training, when it is your responsibility to protect the company's data?

The truth is, hackers, like most people, tend to choose the path of least resistance when they compromise the security of organisations.
 
This path is very often through people, and cyber security threats are exploited through human behaviour. It is usually the uninformed employees that lead to the breaches.
 
Unfortunately human behaviour is predictable and we are thus vulnerable to attacks.
 
The good news is that through training and awareness the risk from these threats can be reduced.
 
Back to the training part. What you need to understand is that some of your employees are lazy.
 
They might recognize that security awareness training is essential, but they want it to be over as fast as possible.
 
Employees don't want to struggle to read and digest boring security awareness text. They want to be able to understand it quickly and efficiently and continue with their day-to-day job.
 
Just because they want to absorb this content quickly doesn't mean quick training programs are ineffective.
 
A video, however, is a tool that can take your security training from boring to exciting.
 
30 seconds of video is capable of conveying much more information than any text.
 
Videos have been used for marketing purposes for some time now. According to HubSpot, video is here to stay [1]. YouTube is also the world's second largest search engine, which supports that.
 
According to an  report from HubSpot Research, 54% of consumers want to see videos from brands they support. [1]
 
branded-content-people-want-chart
 
So it's strange, then, that some people don't understand how useful it is to include videos in their training program.
In the same way, people use images to separate points and make text easier to understand, people use video to hold people's attention.
 
Especially when an employee needs to go through several security awareness topics. (Remember I said some employees are lazy when it comes to security training.)
 
When people are presented with a wall of text, the first thing they will do is try to avoid it and find excuses for not participating in the training.
 
Even if your security study material isn't as long as in other companies, if it looks too difficult to read, they are not going to bother.
 
Even though the actual study material is the same, which of the two pieces of training below would you like to take part in?
 
Example 1:
Everyone makes mistakes. Even as simple as forgetting to shut up the faucet... or sending an email to the wrong person. But it‘s what you do next that matters. If you lose, or leak classified information. It is your responsibility to report it, even though it was an accident or not even your responsibility... By not reporting the leak your company might be liable to fines or get other people into trouble. Be extra careful when working with personal information even if only one record leaks out it can have severe consequences for that individual and can lead to hefty fines for the company.
 
Or example 2:
 
 
The video is infinitely easier to consume and comprehend.
 
According to HubSpot, video content was the most memorable (43%) in comparison to text (18%) and images (36%)[1]
 
most memorable content
 
This is good news because you want people to remember the training material and be able to put their training into action.
 
The attention competition
 
We all know there is a massive competition for peoples attention today.
 
Just because a video is easy to watch, it doesn’t mean people will.
 
But, the shorter the video training and by using effective storytelling, you will get more people to complete the whole training versus just a few seconds.
  

So why aren't you using video?

 

Get your copy of The Essential Cyber Security Awareness Checklist! DOWNLOAD NOW!

 

Topics: GDPR, security awareness, data protection officer, dpo, video training, awareness training