Cybersecurity training should enlighten your workforce to current risks, and reduce the threat of cyberattacks within the workplace; protecting individuals, system networks and personal data.
However, research conducted in 2017 by the University of Adelaide, suggests that when the frequency of staff training for cybersecurity increased, the awareness of cybersecurity actually diminished.
So, how can you ensure that your cybersecurity training is going to work?
We’ve collated a few tips that should help guarantee your workforce stay conscious and aware of cybersecurity threats long after training has been completed.
• Rewards for Cybersecurity Awareness
Positive reinforcement was first advocated by the psychologist B.F Skinner, in the 1930s, who discovered that rats could be trained, through the use of food rewards, to push a lever.
Although this is a simplistic approach, it also works well with people. Rewards are exceptional motivators – they work within the home, in academia, and also, in the workplace.
Employees who demonstrate good cybersecurity awareness should be rewarded for their conscientiousness, and forethought, just as they would be in any other work based endeavour. Positive security behaviours could even be rewarded as part of performance reviews to encourage all employees to remain conscious over the long term.
• Continual Testing for Cybersecurity Awareness
Most companies that offer training also use tests immediately after training sessions to monitor the results of training. While this can show how well employees have absorbed information, and are often cited as being a beneficial learning aid, most companies do not use long term testing as a method for maintaining awareness and increasing knowledge retention.
However, a study conducted in 2008 that assessed the effects of testing on two groups of students, noted that those students who were tested after only one week retained less information in later months than those who were tested 16 weeks after training.
This research suggests that testing over an extended period of time can increase knowledge retention and improve efficiency of training. It may be worth considering increased testing, alongside any new training offered to staff.
• Anecdote Training for Cybersecurity Mindfulness
Training that utilises anecdotes, or story based, concepts can increase long term recall by up to 22 times according to Stanford University research.
Humans are naturally inquisitive and have always invented or told stories as a means of passing on valuable information. Sages, advisors, and gurus throughout the ages have told tales to listeners, in the form of parables, in a bid to raise awareness and keep information alive.
Training that uses tactics such as these are far more likely to have a lasting impression upon employees than a mere citation of facts. Stories that are humorous, poignant, or with which people can relate are all superb for increasing cybersecurity mindfulness.
• Independent Learning Reinforces Training
Adults often learn best when their learning is independent. Learning is a personal process that for some is best completed in the morning, or for others, last thing at night when all is quiet.
To facilitate this type of independent learning can be difficult for some companies, but finding a training provider that offers a flexible approach to training can be beneficial for learners and employers.
• Minimise the ‘Fear-Factor’ in Training
Not so many years ago it was widely believed that a little fear could go a long way in ensuring awareness in employees, but using fear is now a contentious issue in awareness campaigns.
Research shows that using fear can actually backfire if threats never materialise, while it is also true that users tend to act more cautiously when assessing potential threats, once they have received training on how to deal with them.
Instead of using fear based stories that revolve around ‘what if’ scenarios, try using anecdotes that offer entertaining (and therefore, memorable) accounts that capture the attention of learners. Real-life stories that have a relevance for the audience will be retained for a greater length of time.
Cybersecurity training can help employees stay aware of new threats and can minimise potential damage to firms. Ensuring staff remember their training will offer a greater chance for successful learning that is beneficial for all involved.