Security Awareness Needs a New Experience, Not More New Content
October 31, 2022
If you are shopping for a security awareness vendor, you have Netflix-style variety at your fingertips. Below are some of your options:
As you can see, there are lots of different ways to create content that delivers the same message about using strong passwords, updating your devices, detecting phishing, or the other common security awareness topics.
The problem is, users aren’t looking for new forms of content to teach them the same lessons. As an example, your employees know strong passwords are better than weak passwords. Teaching them using a new video format or approach won’t improve their password hygiene.
Security awareness needs a new approach, not new content covering the same topics. This approach needs to leverage data about how your employees learn to provide them with an experience, not content, that engages them on a regular basis.
When you think beyond content innovation in security awareness, there are 2 primary dimensions in which you can build a security awareness that 1) users will enjoy and 2) is effective. These 2 dimensions are frequency and context.
In order for users to retain what they are taught, they need training to be as frequent as possible. Here is some of the data about retention and training frequency:
That data 👆 shows that you have a nearly 50% loss of retention after only 1 month. The best training frequency, from a retention standpoint, is somewhere between 1 day and 1 week. To accomplish this, training needs to be fast, require no prep time, and engaging. This is similar to how many SAT training services operate.
Context matters. It matters for training. It matters for security. The most effective experience for training, especially frequent, short training is within the context of work.
Context switching maximizes distraction and adds lots of time before employees can get back to being productive. Here’s what we mean by context switching:
The above is a waste of time and attention. It also burns goodwill from employees about security awareness training.
Alternatively, here’s what we mean by training in context:
The above is fast, requires no new logins, and does not take the employee out of the flow of work.
Security awareness needs to move beyond content and examine the overall experience of learners. By changing frequency and context, security thinking starts to embed itself into the flow of work.
Schedule a demo
Get started with a free trial by scheduling a demo today. One of our training experts will walk you through a live Haekka demo.