Improving Workforce Cybersecurity Behaviors
Since 2004, October has been designated as National Cyber Security Awareness Month (NCSAM). Many organizations use this as an opportunity to roll out annual cybersecurity training to their entire workforce. But is that training effective in initiating the behavior changes that keep your organization safe? What approaches can give you a better shot at building cybersecurity awareness and keeping it top of mind when employees are presented with a real threat? Here are some ideas to consider.
Focus on performance
To change behaviors, know what you want people to do when presented with a cybersecurity threat. Too often, cybersecurity training concentrates on technical topics, such as the names of the various attack techniques, without giving learners examples and practice with real-life situations that occur. Show learners what they will see during an attack. Present them with attack scenarios, asking them to evaluate and respond to the situation. Your employees do not need to be able to define phishing, but they do need to be able to recognize the techniques used to obtain sensitive information and take appropriate action when they see it happening.
Engage your employees
Compliance training is often dull and boring, causing employees to simply click through digital learning as quickly as possible or lose interest during facilitated sessions. Use stories, such as recent data breaches, and case studies to gain and maintain interest in your learning assets and events. Visually appealing materials, animations, and short video clips in digital learning can capture learners’ attention. Active discussions in facilitated events can keep learners engaged.
Make it personal
Make learning relevant to your audience by showing them why it is personally important to protect themselves and the organization from outside threats. Share the consequences of unsafe computing. If you are not comfortable discussing issues that have occurred in your own organization, there are plenty of well-publicized examples of how attacks have hurt other businesses. Ask employees to take personal responsibility for cybersecurity to protect themselves and the company. For example, you can ask employees if they have ever been affected by a virus or some other cybersecurity issue and how that changed their behaviors. Encourage employees to audit their own behaviors to identify ways to reduce risks and improve security.
Space it out
Learning professionals know that a single intervention once a year is insufficient to drive learning retention and behavior change. Research confirms that spaced repetition leads to better learning retention. Use Cybersecurity Month to kick off a year-long program that aims to foster a cybersecurity mindset in all your employees. Consider creating a series of short discussion guides on a variety of topics that managers can use during regularly scheduled meetings with their employees to reinforce formal training programs. Conduct “lunch and learn” events in cafeterias to reinforce cybersecurity training. Create infographic posters for common areas that share cybercrime data and case studies, emphasizing what those crimes cost organizations and individuals. Send out alerts for new threats found either in your own company or those seen in other organizations. Keep cybersecurity top of mind to create an informed, alert, diligent workforce.
Keep in Touch
Join Our Winning Team
Let’s Continue the Conversation.
Tell us how we can help you and we’ll be in touch soon.