blog-logo.png

A BLOG ABOUT CYBER SECURITY

Wombat Security is a leader in security awareness and training. Our blog covers the latest cyber security news, insights, and best practices. We arm infosec professionals with the knowledge and tools they need to improve end-user behaviors and reduce organizational risk.

How Do Your Employees Feel About Security Awareness Training?

Posted by Gretel Egan on 8/10/16

Topics: Compliance Training, Security Awareness and Training, Risk Management, Learning Science Principles, Keys to Success, All Posts

Blog_EmployeeTraining_Aug2016_v1.jpgAs more and more industries add security awareness and training to their list of compliance-related initiatives, more and more infosec teams (as well as corporate education groups and and governance, risk management, and compliance [GRC] officers) will find themselves tasked with delivering cybersecurity education to their employees. In fact, given today’s climate, it’s likely — mandated or not — that you have already implemented some type of program.

Whether it’s on the horizon or front and center, ask yourself this: How do your end users feel about security awareness and training?

First off, if your initial thought is, “I don’t really care how they feel about it. They just have to do it!” I would suggest taking a step back and putting yourself in their shoes. How receptive are you when those types of exercises are thrust upon you?

It goes without saying that there are plenty of things that all of us are asked to put in the it’s-not-for-me-to-like-it’s-for-me-to-do pile. (Flashback: 1983. A Saturday morning in Pittsburgh. Dust rag in the form of an old sock in my hand. The smell of Pledge filling my nose.) But why do that if you don’t have to? The truth is that security awareness and training doesn’t have to be regarded as a chore by your end users.

color_bar.png

Explore Our Training Portfolio

color_bar.png

Your Cybersecurity Training: Stagnant or Fresh?

Today, I challenge you to think of cybersecurity education in a different way. I challenge you to think of it not just as a “checking the box” activity but also a “filling the bucket” activity. Yes, a once-a-year, soup-to-nuts presentation or video about all things cybersecurity will allow you to both check the box and fill the bucket. But a year from now, what will the contents of that bucket be like? Think of water that would sit, untouched, for a year. Not so fresh, right? What (other than Twinkies and M&Ms) could withstand a stagnant period of that length and still be of value?

At Wombat, we take a different approach to employee training, delivering short, bite-sized, palatable bursts of information that can be used to nourish end users’ understanding year round. Can you check the box? Absolutely. The difference is in how you fill the bucket. Regular infusions of awareness and training keep things fresh and interesting.

Wombat-vs-AnnualTraining2016-web.jpg

To Bore or Not to Bore? That Is the Question.

We based our training approach on proven Learning Science Principles because we wanted to change behaviors and help organizations successfully manage end-user risk. Our feeling is that you can’t expect different results if you continue to use methods that have been shown to be less effective from an educational perspective.

The icing on the cake? End users see the difference. But don’t just take our word for it. Here’s what some of our customers have told us about their employee engagement:

Unlike other places where employees often view awareness training as an annoyance, we get a lot of unsolicited emails thanking us for the training and even asking if they can share it with family.

Great product, easy to use, and results are seen with end-user responsiveness.

We love the format of the training and the education it contains. I constantly have positive feedback from employees on the training and the awareness they have gained.

Our users love the training. It keeps them engaged. I would most definitely recommend the training to others.

The modules are good – short and enjoyable for most people, which is why I continue to renew.

Feedback from staff indicates that training is working and is effective. No negative reviews and a couple of inquiries asking if Wombat training is available for individuals (“I'd like my husband/wife to take this course”).

Keep these quotes in mind if you have complaints about “boring” end-user security programs or employees who don’t seem to be “getting it” from the current education materials you’re using. Security awareness training doesn’t have to be a snooze fest. Users who are attentive and engaged are going to turn into security advocates for your organization, which is a win no matter how you look at it.

icon-book.png

Try Our Interactive Security Awareness Training Modules

Our 25+ interactive training modules in topics like Email Security, URL Training, Mobile App Security, and more are proven to change the behavior of end users and reduce risk.

Try Our Modules

   Educate Yourself: Protect Against Security Vulnerabilities