banner-image

6 Tips to Overcoming Global Challenges in Employee Security Awareness Training

By Omer Taran
image August 15, 2021 image 6 MIN READ

Most of our customers are multinational companies employing people worldwide. These customers often encounter resource limitations related to reaching out to their distributed employees and engaging them with security awareness. Such limitations take the form of fewer face-to-face meetings (especially during the past couple of years), less customized content, and a lack of familiarity with other cultures and their cyber risks.

We find that there is almost a direct correlation between the distance from a company’s headquarters and compliance with internal operating procedures. This isn’t new, of course. Knowledge transfer is a widely recognized problem in the world of knowledge management. (For those of you who want to learn how to make knowledge more transferable and eliminate some of the barriers related to knowledge diffusion, we recommend reading ‘Sticky Knowledge’ by Prof. Gabriel Szulansky).

considerations When designing security awareness training (especially phishing simulation campaigns) for multinational companies, there are numerous pitfalls to avoid and considerations to be made. Here, we will discuss first the pitfalls and then outline the options lying ahead of you when operating such a program.

Content creation

It’s the first day of launching an awareness training program, and already you have two responses from senior managers abroad. What a great way to start! You dive into the first email. It’s from a colleague in the Russian branch asking you if you’ve coded the landing pages yourself. You look at the attached screenshot, and you’re in shock. It’s not what you created. Apparently, the Russian translation is much longer than in English. The outcome: misplaced header borders, giving the page an amateur look.

phishing simulations worldwide

With some apprehension, you proceed to the next email from a colleague in Israel asking you why all the training content addresses men only when the local workforce is 56% women. You’re taken aback. You? Discriminating on gender? How were you to know that there are languages that are gendered by default?

When writing training content, there are a few critical guidelines to follow:

  1. The content should be eloquent, it should be free of grammatical errors, and use an appropriately professional tone.
  1. In gendered languages where the male or female form involves different words, every effort should be taken so that content does not discriminate based on gender.

Following these guidelines is admittedly difficult; adapting them to different languages is another challenge altogether. Let’s consider eloquence, for example. Most translators know that translation is a compromise between adhering to meaning and adhering to style. In most cases, achieving both is nearly impossible. Keeping translated material both personal and non-discriminatory while translating the text into different languages also requires significant skill. Even design presents challenges: the characters of some Asian languages take up only a third of the space required for some European languages, for instance, so that placeholders that fit certain Asian languages perfectly might seem overcrowded in the case of European languages.

Working hours and holidays

You’ve been reviewing the results of your latest multinational phishing campaign. The results show actual improvement, especially across some European countries. Two months later, you see an unexplainable increase in individuals falling prey to phishing activity within those specific countries that had shown the greatest improvement. Baffled, you call an overseas colleague, only to learn that your earlier campaign landed in employees‘ inboxes during their vacation. As a result, click rates plummeted.

It’s safe to assume that there are working days and non-working days in every country. Although hackers aren’t known for caring much about employee well-being, it is of primary concern to you when engaging your employees in security training. In some cultures, for example, it may be common practice to send employees emails over the weekend or on holidays, whereas in other countries, this might seem offensive. Every good training program has to factor in such elements. Remember: you can only control the training, not the learning. For learning to occur, employees have to be in the right mood—and in some cultures receiving an email at 10 pm will not result in a good learning experience, whereas in others it would be totally acceptable.

Content localization

One of our favorite phishing simulations involves offering free coffee in our totally fake coffee chain. Employees often do need a shot of coffee and there’s nothing like some delicious free java to bait them into clicking a link. But how do you localize such a simulation to countries in which coffee chains are nonexistent, or perhaps, where coffee pales in comparison to tea? Similarly, if you reference the US elections in a phishing simulation, it won’t have the same effect in your US branch as well as in your Polish branch.

Tips to Avoid Challenges in Your Global Security Awareness Training Beyond this, how do you translate brands: globally, or locally? Should you use a local language transcript? Is it better to use the translation or keep the brand’s name in its native tongue? Each of these parameters impacts simulations’ effectiveness, as well as their respective training content.

But localization goes beyond just phishing simulations. Issues such as content design might require much more delicate handling. Is your punchline offering too much of a punch? Are you subtle enough? Or are you too subtle? Some cultural elements involve the local context, and some, the corporate context.

Visual Elements

Here’s another scenario for you. Let’s say that before launching your first security training campaigns for your company’s two largest offices—in Beijing and in Johannesburg, respectively—you asked a colleague for advice. That was a close call. The bold red banner you planned to use in China won’t go over very well in South Africa, where red is a color of mourning.

How you incorporate color into the layout of your design, and the deliberate placement of key elements in your layout has an impact on employee sentiment and engagement. Color theory references offer some perspective into emotional connections to colors from a western perspective; however, you’d be wise to consider that colors in different cultures are interpreted differently.

6 Tips to Overcoming Global Challenges in Employee Security Awareness Training Email and website heat map tools provide a visual representation of how a reader experiences your digital content. These use sophisticated software that tracks a user’s cursor and display corresponding “hot spots”, which are spots where the reader spends time and clicks, and “cold spots”, where the reader ignores them.

6 Tips to Avoid Challenges in Your Global Security Awareness Training

Now that we’ve outlined the possible pitfalls and considerations, here are rules to make your life easier:

CybeReady’s autonomous training platform embeds all translation and localization elements into the program so your team can achieve maximum employee engagement with no effort. To find out why global companies worldwide choose CybeReady, meet our team for a short product demo.

4a34e52d-562b-4e1e-8b71-5c005a7559a9