Maximizing the Benefits of Security Awareness Training to Minimize Scrap Learning
So how exactly do organizations get the full benefits of their security awareness training programs? We have long been advocates for a continuous education and improvement process that includes a cycle of assessments and training delivered in bite-size chunks over a period of time. This methodology sits in strong contrast to a “one and done” approach.
Research conducted at Carnegie Mellon University helped us develop highly-effective training solutions which utilize Learning Science Principles to engage the learner and change behavior.
- Present concepts and procedures together: Users may need a procedural lesson to understand that an IP address included in a URL could be an indication that they are seeing a phishing URL. However, they also need the conceptual understanding of all the parts of a URL to understand the difference between an IP address and a domain name, otherwise they may mistake something like www4.google.com for a phishing URL.
- Provide bite-sized lessons: People learn better when they can focus on small pieces of information that the mind can digest easily.
- Story-based environment: Don’t just list facts and data, tell a story.
- Provide immediate feedback: We have created “teachable moments” that deliver just-in-time teaching when mistakes are made.
- Learn by doing: Students who engage in hands-on learning are more likely to remember what they’re taught.
- Use a conversational tone: Phrasing the message differently in multiple contexts makes the trainee more likely to relate it to past experiences and forge new connections.
It’s important to remember that there’s more than one way to achieve the right results if you have the proper elements and foundation. Executing your security awareness and training programs in this manner can provide ancillary benefits, creating a culture of security in your organization that will empower your workforce and prompt employees to do the right thing when faced with a questionable situation. And not only employees — but executives, and your board — can benefit from this education, too.
Subscribe to the Proofpoint Blog