The majority of organisations treat Information Security Awareness training as a tick-box exercise, expecting users to absorb hour long power points or speaker lead training with overkill of information. For Learning at Work Week, we want to share our approach for a successful campaign comprising of on and offline resources, entertaining materials and content your users will actually relate to their day to day roles.
So how do we fix Information Security Awareness training so that we are doing it right?
Make it Memorable
Take a second to think back to classic fairy tales, I bet you can remember the entire plot from Cinderella, Little Red Riding Hood and Hansel and Gretel? You could probably even rewrite the book from memory.
When implementing an Information Security Awareness Training programme, take the classic fairy tales into consideration. They are so memorable because key points are easier to remember when told in a chronological story format. Most of us as a child would have related to the feeling Cinderella has when she couldn’t go to the ball because we had to stay home and complete our chores. Training should be no different, Paula from Business Development will probably completely relate to a course with a narrative of someone almost falling foul of a Phishing Scam.
Animation is eye catching and appealing to users. Typical eLearning in a powerpoint format gains engagement figures of between 8 & 10% due to the lack of visual stimuli.
A personal guilty pleasure is Despicable Me because it has a great mix of humour and animation, I find myself watching and rewatching the movie because I feel an affinity with the characters and the amusing scenarios in which they are placed. It’s a fact that when a learner finds content amusing, they retain up to 55% more information.
Consider using prize driven incentives to encourage uptake. Users are more likely to conform to compliance if they find it enjoyable, the use of prizes, competition and reward schemes has proven massively effective for us
Remember, your users don’t need to be able to recite the 8 principles of Data Protection, they simply need to know how to identify and mitigate potential security threats. Information overload leads to resistance from users, as they will feel they are too busy to take it all in whilst going about their day to day duties.
Avoid acronyms and technical jargon, you’ll be creating a learning barrier before you’ve even started. Ensure you keep each training session to three or four key messages, this way the information is concise, snappy and more easily retained.
Continual Reinforcement of your key messages is vital, greet users in every element of their day to day role with the learning points you need them to remember. Use visual representations of your training course at every opportunity: Posters, screen displays, emails, intranet, coasters or even giant balloons, the possibilities are endless and the novelty will never wear off.
Make the most of social media, you can repeat messages as little or as often as you like through multiple platforms and this encourages users to display those secure behaviours in both the workplace and at home.
If you are looking to implement a successful and engaging awareness campaign throughout your workfoce, please get in touch, where a member of our team will be happy to help!