Do you hear the words ‘security awareness training’ and think…b..o..r..i..n..g…?
Well, I can’t blame you. So many times, security training programs are frankly, dull. Cybersecurity has traditionally been quite a dry subject, in general, so perhaps that is why awareness training has been also a little on the boring side. However, cybersecurity is far from mundane and lifeless. As cybersecurity threats such as phishing and Business Email Compromise (BEC) continue to attack all businesses across all sectors, the fight against them can be made more attractive through fun, interactive, training sessions.
Here we look at 5 ways that security awareness training can be made, not only attractive and fun, but effective too.
5 Fun Ways to Make Security Awareness Stick
As cybercriminals continually challenge our companies and our staff, we can build defences against them using knowledge. Teaching people how to stay safe in a digital world can be made interesting and useful. How to do that is where The Defence Works excels. We have always designed our training programs to be interactive, fun, and to deliver the most up to date content that reflects real cybercrime. Here are our top 5 ways that you can incorporate fun into your security awareness training.
PLAY GAMES
Let’s face it, we are all big kids at heart. But on a serious level, having fun while learning has been shown to be more effective at building skills. Fun brings learning to life; it engages people and makes them want more. It can also help in explaining complicated ideas and help with understanding. By using fun and interactive games to train your employees about security awareness training you are building more effective training programs. Game-based Learning Theory calls this type of learning ‘experiential’ as it is based on building experiences through role-playing and other games.
Security awareness offers the perfect scenarios to learn using games. For example, you can create role-playing games where some team members act as cybercriminals attempting to scam other staff members – switch each team to learn about the different aspects of the game. In this way, both sides of the game will learn how each operates and how to prevent a cyber-attack such as a phishing scam.
The Defence Works uses gamification across our security awareness training options to make sure that your staff learns through fun.
It is also worth noting that you can do security awareness training games remotely.
MAKE IT INTERACTIVE
Boring and dry classroom security awareness training is enough to make anyone fall asleep. But if you train people by encouraging interaction with a training session, they are more likely to remember what they are being taught. Scenario-based or 'in the moment' security awareness training makes memories that can become good habits.
– Engage your staff with scenario-based security awareness training or "In-the-Moment" training.
MAKE IT RELATABLE
People learn more effectively if they can relate to the subject matter. It is one of the reasons why when you teach a subject you try and personalise it. Andragogy, Adult Learning Theory states that:
"Since adults are looking for practical learning, content should focus on issues related to their work or personal life."
Making learning relevant and relatable will make the topic hit home. This is very important when it comes to cybercrime against employees as it often is personal. Cybercriminals use phishing that is tailored to home in on personal aspects of an individual. A phishing email, for example, often uses tricks such as key events that affect people on a personal level. Spear phishing targets specific people and uses their job type to personalise a scam email. The recent surge of phishing that uses the fear of COVID-19 to encourage email recipients to click a malicious link, exemplifies this.
LAUGHTER IS THE BEST SECURITY MEDICINE
Here at The Defence Works, we take laughter very seriously. The old adage, laughter is the best medicine is also true for learning. Laughter has been shown to improve trust and relax people, both of which contribute to better learning experiences. When you research and develop ideas for building a security awareness training programme for staff, choose one they will respond well to. The Defence Works has created a series of comedy sketches, written by BBC comedy writers to make sure your staff are aware of key cybercrime tactics.
– Watch our free taster sketch "Phishing Emails in Real life" from our hilarious Sketches security awareness training series
SOCIALLY ENGINEER EMPLOYEES
To "socially engineer each other" is definitely a candidate for an updated version of the Oxford English Dictionary. Cybercriminals use social engineering to the point of being an art form. Scams and other cybercrime attacks are almost always (99% of the time) designed to need human intervention to work. To obtain this human input, the fraudsters turn to human behavioural psychology. That is, they use human traits, like trust and fear, to execute their cybercrime plans.
One thing about human behaviour is that it can be used for good, not just evil. By modifying natural responses and putting in place caution under certain circumstances, you can help avoid cyber-attacks.
Add some fun into security awareness training by socially engineering each other. I know it sounds a bit mad, but it makes sense. The more a person gets used to the tricks that cybercriminals play, the more security aware they become. In turn, a person will become more likely to stop and think before clicking a malicious link.
Use the game-based strategy described above to design social engineering-based games where staff members try out different methods to trick colleagues into clicking a link in an email.
Although we advocate making security awareness training fun and interactive, we also recognise how serious cybercrime is. The Defence Works design programs that deliver effective security training that make your workplace a safer place.
If you'd like to see just how much fun our security awareness training packages are, sign up for a free demo here.
Subscribe to the Proofpoint Blog