Wake Up! Security Awareness Training Shouldn't Be a Snoozefest
Boredom is dangerous. Employees “zone out” during security awareness trainings because honestly, they suck. People don’t remember the information, and worst of all, don’t change their risky actions..
Security training doesn’t have to be – must not be - lifeless. Even when the topic is mind-numbing bureaucratic regulations, security training can be fun. The more fun the training is, the more likely your employees will pay attention and actually use what they learn.
Here a few tips for keeping your employees awake during your next training.
Tell a story
During the dark, early days of World War II, Frank Capra, a Hollywood director, was asked by the military to make movies to fight the frighteningly effective Nazi propaganda.
“Why me?” asked Capra. “This is a serious subject and I make light comedies.”
“We need to motivate US soldiers,” was the response. “We’ve tried magazines, comics, and books, but nothing is getting through to them. We think that they’ll pay attention to movies.”
Capra made a series of films titled Why We Fight. Narrated by the distinctive voice of famous actor John Huston, these well-produced movies were wildly popular. The most well-known scene is one mocking Hitler by having him appear to do a silly dance.
The point of the above story is that it is a story. I can tell you that you should use humor, famous actors, and moving images with good production values to motivate your employees, but you are far more likely to remember these points by reading the above story.
Be professional, but don’t act like a business
Capra was given free rein to make his movies. If bureaucrats had written his scripts, his movies would have been dull as death. Similarly, you should beware of security awareness trainers whose message has the snap and pizzazz of a corporate tax code.
Talk to your employees like they’re human beings. This will surprise them and get their attention, which will help them remember the training. Keep their interest by making sure the information you give them is directly related to their real-life risks.
Just as movies successfully motivated US soldiers, videos can help your staff against hackers. Well-made, entertaining videos will not only motivate employees, but generate buzz. The number of likes and views of videos can measure the success of the training.
Production values matter. A long single shot of a talking head who sounds bored with his own words will bore your employees. Action, humor, and plot can be effective in memorably conveying important information.
Diversity also matters. Everyone likes watching videos that have people who look like them. If a significant portion of your staff is female, the videos better have a good representation of women
Mix things up
Variety will keep your employees interested. In addition to videos, use animations, emails, surveys, and real-time events. National Cyber Security Awareness Month has lots of opportunities for contests, social media, as well as tips for families.
Buy-in from leadership
Employees take their cues from their bosses. If they don’t think the leadership cares, they will tune out even the most entertaining security awareness training. Make sure that c-suite communicates that security awareness is more than a token effort.
Unfortunately, some security awareness programs are rolled out in a hurry, either as a response to a cyberattack or to meet a deadline for regulations. Employees can sense a rush job, and will not take these efforts seriously. A well-thought out program launched over a period of time will engage your staff.
For examples of interesting, well-made, funny security awareness trainings, check out our Basic Trial Platform.