Silver: Get Interactive
Take a moment to think: How do great athletes become great? Sure, their coaches’ guidance plays a role. But in addition to being told what to do and how to do it, all athletes need to experience…to feel…to act for themselves. They need to learn by doing.
Interactive education is not exclusive to physical pursuits — quite the contrary. In fact, it’s likely you’ve mastered your business skillset the same way. The concept of hands-on training is one of the research-proven Learning Science Principles that are the foundation of our educational approach. We’ve recognized that, whether you’re 5 or 50, and whether you’re being taught at a university or in the workplace, an interactive experience is one that is more likely to stay with you.
It’s important that you recognize the difference between raising awareness (which happens when you tell your users what to do) and providing education (which teaches your users how to act on the things they’ve been told about). Both are important — but it’s the and in security awareness and training that drives true behavior change.
Gold: Keep Practicing
As our CTO, Trevor Hawthorn, is fond of saying, you don’t run around the block and call that marathon training. The same principle applies with cybersecurity education: you can’t schedule cybersecurity sessions once a year or send a simulated attack or two and think you’ll be able to effectively manage end-user risk. You wouldn’t run your firewall, antivirus, or spam filter part time. Why do that with your security awareness and training program?
Our unique Continuous Training Methodology set a trend in the industry and has consistently generated double-digit reductions in click rates and malware infections for our customers, with one organization achieving a 90% decline in successful external phishing attacks. Though other providers may try to imitate our approach, they will never have the amount of practice we’ve had at identifying and responding to our customers’ needs and delivering effective, behavior-changing security awareness and training products.
As you consider your goals for your organization’s overall security posture, remember that measurable results are best achieved through thoughtful planning. And as far as end users go, practice makes perfect. That’s the surest way to climb to the top of the podium and garner results that make you the envy of other infosec professionals who make end-user education a part-time pursuit.