Do you ever feel like you hear a collective groan through the office when you send out an email about security awareness training? Or maybe there is water cooler talk about how people are planning to be sick during the meeting on information security awareness?
In honor of effective communications month, we thought it would be helpful to share some tips on making your employees care about security awareness. Here are 3 to take to heart:
Tips for effective security awareness training
On a basic level, to make employees care about security you need to make it less boring and more personal.
1. Redefine “training”
When employees hear the word “training,” they imagine long meetings listening to someone read off a lousy PowerPoint. There is no written rule that says training needs to be done in meeting form, on a PowerPoint or through a series of mundane posters. Think about ways you can mix up your training format to keep employees engaged. Gamifying information security awareness is a new trend and one that will likely stick around for a while.
2. WIIFM?
When it comes to effective communication, no acronym will guide you to as much success as WIIFM – what is in it for me? Let’s admit it, we are selfish creatures who don’t like change. When we are being asked to follow new protocols or safety procedures – especially ones that have a learning curve or slow down the way we do things – one of our first thoughts is, “why does this matter to me?” Tell employees why security awareness is important to them because that is what they care about, not about how it will help the company be more profitable or secure.
3. Security awareness never stops
Never let the conversation on security awareness stop. We are not suggesting you become a social outcast by becoming a broken record; instead, we are suggesting that you stop reserving the security conversation for security meetings or memos. For example, if you are fixing someone’s computer, share a few tips with them while you wait (keep the idea of WIIFM in mind when doing this). One-on-one conversations are always going to be more effective than a group meeting because you can personalize your message and people feel more comfortable asking questions when there isn’t a group around.
We want to here from you. Share with us on social media what you have learned about keeping employees interested in security.
Very true, employee’s/users need to be engaged as part of the solution. Even something as simple as a poster contest has proven to be extremely successful in multiple companies I’ve worked for. The posters are created and voted on my the users and then used in the Awareness Program.