What happened when you bought the newest, coolest gadget for someone who didn’t know how to use it?
a) It stopped working quite soon.
b) It was used for a while and then forgotten.
c) The person really enjoyed it because they learned to use it properly.
It’s hard to enjoy its benefits when we don’t understand how something works. The same is true for cyber security in your business: You can spend for it, get the best solutions and tools, hire the most expensive consultants – but maybe for nought if your staff are not highly cyber aware.
Cyber security training is key
Our lives are now highly digitalised. IT has become essential to business. Cyber security has become extremely vital to keeping our information and systems safe. At the core of your cyber security strategies should be one key component: Training.
Why? Because human error is still the leading cause of cyber incidents. Training your employees can transform them from passive onlookers (or even weak links) into active cyber security assets.
Make your cyber awareness training more effective
Training is a must for any effective cyber security strategy, but don’t do it just to tick a box. Train your people so they can actually stop cyber threats. How can you do it more effectively? Here are some ideas…
1. Do it more often.
One annual in-person course is good but doing training two or three times in a year can help your staff to retain the lessons better. Doing training more often can also highlight the importance you give to cyber protection.
2. Keep it short.
Humans have a short attention span. People also get distracted more easily. Don’t try to cram everything into one long session. Do shorter ones instead. Doing trainings more frequently also means you can make them shorter and more focused. Plus, support in-person training with short online lessons and resources and sharing articles or videos with your staff. Utilise microlearning to feed your staff with bite-sized information.
3. Notify in advance.
Most people would appreciate an advance notice, when their calendars are still more flexible. It can also give you an idea of the number of participants, especially with pre-registration.
4. Present choices.
When a cyber security course is mandatory, it will feel like a chore, so provide your target trainees with options. Have them choose a schedule or a format (in-person or online), whenever possible. People will feel better with choices rather than when “forced”.
5. Show the benefits.
People tend to get involved when they know “what’s in it for me?”. Encourage everyone to join by presenting the benefits to their work and to the company. This can also heighten engagement for your entire cyber security campaign.
6. Make it personally relevant.
When presenting the benefits of cyber security education, mention how it can personally benefit the participants. It can increase their value as an employee, add to their skills (and to their CVs), give them better protection in their personal online activities. Stress their individual role in preventing cyber-attacks and in Australia’s cyber security leadership.
7. Make it real – avoid theories and reduce jargon.
Theories bore people. Show your trainees practical applications in their work. Aim at nurturing their cyber security skills, not brains full of technical terms. Most people will not care about IT jargon, so present concepts in relatable ways. Use real-life illustrations and metaphors.
8. Hear them out.
Many people like voicing out their opinions or asking questions. Give them an opportunity to speak out in your training events. Include a feedback mechanism that you can also use for improving your cyber awareness program.
9. Do regular audits.
Audits can include checking workstations for non-compliant software or asking staff about the company’s password policies. Just make sure you do it not to penalise but to teach cyber security in actual work situations. Audits can also reveal possible training gaps and training effectiveness.
10. Reinforce it.
Use every opportunity to build cyber awareness. Post printouts about multi-factor authentication or social engineering or other topics in your bulletin board or even on toilet doors. Send out emails on Cyber Mondays (or other day). Include some trivia in your newsletter. Create a cyber-aware culture where cyber security is always in their minds.
Perk up your cyber security awareness training!
Trainings can get people yawning. Make it more fun using these ideas:
1. Make it a hands-on experience.
Corey Bleach of EdgePoint Learning wrote: “Experiential learning puts your employees at the center of what they need to know (instead of making information the star).” People learn better by doing. Turn cyber security concepts into experiential activities.
2. Gamify it.
Games are very engaging, fun, and effective in teaching cyber security. Gamification is both mentally and physically stimulating, releasing dopamine and endorphins that both generate positive feelings that can set the mood for learning. that both generate positive feelings that can set the mood for learning.
3. Build on teamwork.
People generally like being part of a team. Working in collaboration with other employees creates a sense of strength as a community. Emphasise the value of teamwork in fighting cyber threats and the importance of each member of your team.
4. Incentivise it.
Games work because people like winning. Award badges or points that staff can earn by attending training events or by applying cyber security measures in their work. Be generous in giving incentives – they don’t have to be expensive but can make an impact.
5. Use themes.
It can be as simple as asking trainees to wear a certain colour at the training. You can also:
- Infuse relevant themes in your presentations like heroes and villains or tech celebrities.
- Use monthly themes like Password Protection Month or Phishing Awareness Month.
- Use course titles like “Don’t Even Think About Clicking the Link” (about malware) or “Spot the Difference” (about fake websites).
6. Incorporate music and songs.
Music makes remembering easier. Ask a friend with a knack for music to help you replace the lyrics of a popular song with a cyber security reminder, then teach it to the trainees. You could also use a war movie’s battle scene soundtrack to remind employees about being in a cyber war.
7. Use quizzes.
You can use cyber security quizzes for both in-person and online training or send them out weekly to your employees. Don’t make them too hard or too complex. Find ways to make them fun and engaging. Give out tokens for completion and prizes for perfect scores.
Train better with a cyber security services provider
Ready for web safety training? Who can help you better than cyber security experts? ADITS has been helping businesses prepare their employees to become cyber warriors. Just book a free consultation to find out more or contact us for enquiries.
Don’t wait for a data breach to come knocking at your door. It could just knock your business down without warning. Do your cyber awareness trainings now.