
Security awareness needs a new experience, not new content

If you’re shopping for a security awareness provider, you’ve got a Netflix-style variety at your fingertips. Here are some of your options:

Hollywood style – Habitu8 (acquired by Arctic Wolf) or KnowBe4 (acquired by Vista)

As you can see, there are many different ways to create content that delivers the same message about using strong passwords, updating your devices, detecting phishing or other common security awareness topics.

The problem is that users aren’t looking for new forms of content to teach them the same lessons. For example, your employees know that strong passwords are better than weak passwords. Teaching them that in a new video format or with a new approach will not improve their password hygiene.

Security awareness requires a new approach, not new content covering the same topics. This approach should leverage data about how your employees learn to provide them with an experience, not content, that consistently engages them.

The Security Awareness Experience

When thinking beyond content innovation in security awareness, there are 2 main dimensions in creating security awareness that 1) users will enjoy and 2) is efficient. These 2 dimensions are frequency and context.

Frequency of Security Awareness Training

For users to retain what they are taught, they need training to be as frequent as possible. Here are some of the data on training retention and frequency:

Monthly training – 58%
3 month training – 26%
6 month training – 21%
12 month training – 15%

This data 👆 shows that you have a loss of retention of almost 50% after only 1 month. The best training frequency, from a retention point of view, is between 1 day and 1 week. To do this, the training must be fast, require no preparation time, and be engaging. This is similar to the number of SAT training services that work.

The context of security awareness training is important. It is important for training. It is important for safety. The most effective experience for training, especially short and frequent training, is in the context of work. Context switching maximizes distraction and adds a lot of time before employees can become productive again.

Here is what we mean by context switch:

The employee receives an email notification of a new training.
The employee clicks the link in the email and is redirected to a web application.
The employee logs into a web application.
The employee views and hopefully completes the training quickly.
The employee navigates back to what they were working on.

The above is a waste of time and attention. It also burns employee goodwill about security awareness training.

Alternatively, here’s what we mean by in-context training:

The employee receives a training notification in Slack.
The employee accesses the notification.
The employee completes training in Slack (completion is logged).
The employee returns to the previous Slack channel.

The above is fast, requires no new logins, and does not remove the employee from the workflow.

Security awareness should go beyond content and look at the overall experience of learners. By changing frequency and context, security thinking begins to integrate into the workflow.

*** This is a syndicated blog from the Security Bloggers Network of Haekka Blog Written by Haekka Blog. Read the original post at: https://www.haekka.com/blog/security-awareness-needs-a-new-experience-not-more-new-content