Ultimately, immersing your employees in an experience will improve their
behavior. With that said, here are ways to make your immersive security
awareness engaging.
Start simple: For the average user, security concepts are difficult to grasp, so start simple! Sending a beginner down a black diamond trail is a good way to turn them off of skiing forever (or worse, get them injured). It's the same with security. Don't trip up your users by starting them off with complicated concepts – get them on the beginner slope.
Start simple: For the average user, security concepts are difficult to grasp, so start simple! Sending a beginner down a black diamond trail is a good way to turn them off of skiing forever (or worse, get them injured). It's the same with security. Don't trip up your users by starting them off with complicated concepts – get them on the beginner slope.
Be Specific: Hollow platitudes will undoubtedly get your users to tune out. Avoid vague messages like “keep company resources safe”, instead give users specific, actionable information that will help them change behavior.
Mix it up: How many of you pay attention to the airline safety demonstration prior to take-off? That demonstration never changes so ultimately people lose interest. Don't make the same mistake with security awareness. Vary both the content and delivery method of your security awareness to continually engage recipients.
Keep it going: Why is it so easy to forget what you learned in a boring class? After the final exam, you don't need the information, so there's no need to retain it. We do know that security is a constant and changing threat; therefore, security awareness needs to be continuously reinforced. By continuously training users at different times throughout the year, safe security behavior becomes a habit, and not something forgotten as soon as training is over.
No comments:
Post a Comment