Is Your Awareness Training Program Promoting Noise or Buzz?

The job of a CISO is never easy or straightforward[...]
By Mike Polatsek
image August 08, 2017 image 4 MIN READ

The job of a CISO is never easy or straightforward. Against the backdrop of rapidly evolving cyber threats, you know that the task of keeping your organization secured is, in part, hinged upon using the right tools and technology to meet today’s ever changing attack landscape. But this is only one aspect of the equation; then there are your people.

Trying to Fix the People Problem in Security

Social engineering tactics, and phishing ploys in specific, were the responsible attack vector in almost 75 percent of all of malware attacks on companies in 2017 thus far, proving that fixing human behavior is one problem that tech has yet to solve. One beautiful thing about firewalls, endpoint protection and threat detection platforms is that they can’t talk back; they don’t have pride and they can’t create a positive or negative feeling among their chip and code-based counterparts. And save for the incredibly rare glitch, they perform as expected.

 

Your employees are an entirely different ballgame; trying to change risky behaviors with today’s common employee-training methods will likely lead to annoyance, disengagement and frustration, the byproduct of which is negative organizational noise.

There are some concrete ways that traditional training is creating this negative noise:

The result is cynicism towards security, a perpetual negative noise that pulses throughout your work environment, running counter to your goal of enhancing awareness. In both the long and short run, this negative noise puts your company at greater risk.

 

Transforming Noise into Buzz

But not all organizational noise is bad noise. There is a carefully crafted kind of noise that we believe can really make a genuine and lasting change in the overall corporate attitude towards security. We tend to call it “THE GOOD BUZZ”. This buzz is what makes the change from building mere “security awareness” to establishing true “security readiness” in organizations. It’s the buzz that occurs with a training program that works in concordance with your employees, their priorities and their tendencies. Research conducted by Brenda Killingsworth at East Carolina University shows that there is a significant link between knowledge-sharing and a positive attitude in the workplace. This positive attitude, or buzz, helps solidify and integrate the habits of continual learning with real behavioral change.

How can you achieve this “good buzz” and avoid negative noise?

Reaching a “good buzz” is all about the details of your employee training program; you already know that common training methods leave your employees feeling annoyed, harassed and drained. The right training methods leave your employees empowered and engaged. A good buzz happens when:

By working with a program that views end users as individuals, your employees get the most adaptable security learning experiences, ones that take into account your particular company culture, processes and practices. With data-driven learning solutions, based on sound educational and cognitive behavioral principles, your organizational stance towards security will become one that is more than just aware, it’s positive and security-ready.

Getting the Buzz you Want (Need!)

Successful security training is about much more than just going through the motions; in order to emerge victorious in the face of a real phishing threat, a true behavioral change must take root. By working towards a fundamental change using a solution that combines educational principles with security expertise, you can get rid of that frustration-filled negative noise associated with security training; Instead, you’ll get that positive buzz that comes with being ready for whatever comes your employees’ way. Establish that good buzz.

 

4a34e52d-562b-4e1e-8b71-5c005a7559a9