Cyber security: How a team effort makes all the difference when it comes to practice
Despite the reliance on IT in almost every business or work environment imaginable and a large investment in cyber security education and protection, over 85% of data breaches are caused by human error. While the number is staggering to read, what is perhaps more staggering is the fact that only 43% of workers admit to making mistakes that compromise cyber security. These are the numbers according to NordVPN Teams.
To further illustrate just how ruthless a breach in cyber security can be, CERT NZ’s Quarter Three report from 2020 revealed that in 3 months, over 2600 reports were received, equating to over 6.4 million dollars of financial loss alone. On the low end, that is roughly 2500 dollars per incident, for something as simple as a click on the wrong link.
The fact is that many enterprises invest heavily in building complex cybersecurity strategies and action plans to better avoid a security breach. However, these measures are only as strong as each individual. To be effective, everyone needs to be on the same page and exercise the same preventative measures when going about their daily browsing and work tasks.
Sadly, even the most robust methods of prevention can be undone during a moment of weakness. Whether it is tiredness, or simply unfamiliarity with a certain web address, one wrong click can quickly lead to a breach in security. And despite your best efforts at education, it's not uncommon for information to breeze past an employee if they were disengaged from the content.
This is further undermined by the modern workplace of the home office: while employee activity can be easily monitored within a traditional office environment, complications arise when an employee decides to work from home.
The trouble is that many businesses resort to the ‘school lecture’ way of training, and it is not uncommon for these training sessions to replicate a classroom. It is difficult to educate people when their hearts really aren't in it or the content is uninteresting, and it certainly doesn't help the content stick. However, when people are properly educated, the proof is in the pudding. If cybersecurity training is made dynamic and engaging, people will be more likely to complete and even enjoy the education process, resulting in better cyber awareness.
There are several ways to ensure that the training is both beneficial and enjoyable; it simply depends on how you go about it. We have compiled a list of approaches you could take to better ensure completion of training and make it a memorable experience.
5. Gamify it
Statistics, analytics and graphics are great for showing growth after a busy sales period, brainstorming future marketing efforts, or showing off your Year 8 science project. But unless you are directly affected by slide after slide of analytical or statistical data, it can be hard to stay interested in what's being said. Dos, don'ts and confusing 15-step safety procedures eventually end up sounding repetitive and disengaging. Quizzes, games, prizes and quality time with colleagues will enhance the experience and enjoyment of each training session, further making the cyber security training stick.
4. Engage in friendly competition
No matter what work environment you find yourself in, competition is always a great way to motivate you and your workmates. Salespeople thrive on the idea that they made a bigger sale than their workmates. When you're playing board games, the thrill of competition makes you more excited and invested in how the game plays out. The list goes on. However, simply putting a question in the middle of a video or innovative is not enough. The fact is that people like to be incentivised, whether it's a prize or a point of pride. It all works together to make the content more engaging. Try offering monthly, quarterly, or yearly competitions to keep the workforce constantly aware of new threats and to see whether they apply their training.
3. Make it rewarding
As a kid, getting a gold star on your sticker chart was one of the most empowering and motivating things in the classroom. Even if you didn't know what the reward was, the thrill of possibility made the hairs stand up on the back of your neck. The fact is this hasn’t changed, only instead of a strawberry-scented eraser, you can get a lot more. Turn the right answer into a badge, a discovered vulnerability into a star, and a year without an incident into a holiday bonus.
2. Make it collaborative
It is in everyone's best interest to ensure a cyber security breach does not take place, and no sayings are more relevant than ‘many hands make light work’ and ‘teamwork divides the task and multiplies the success’. Employees should be encouraged in collaborative efforts. In workshops, ask staff to work together and craft a feasible phishing email and compare it to a legitimate email, then ask the other team to decipher it. This not only encourages them to learn more about the nuances of phishing emails but also helps them spot potential scams more easily.
1. Be understood
Too often jargon is used in cyber training sessions. Although it simply rolls off the tongue of an IT professional, explaining why these things are important to anyone in marketing, accounting or numerous other roles needs to be done in a way that they understand. Otherwise, it simply becomes noise and detracts from the content. Sure, it sounds important and technical, but they will also dub it an issue unique to your IT department or IT provider. Make sure to speak clearly and to explain every term in plain language so the relative layman understands and remembers.