Security Awareness- Can Custom Training Truly Make a Difference?
Your company has just endured yet another security breach. One of your employees left an open iPad on a table with friends at Starbucks. One of the friends jokingly sent an email to the employee’s entire department. The contents of that email were, shall we say, colorful. Can Custom Training Truly Make a Difference?
The thing is, you had conducted security awareness training for all employees. How could this employee have made such a silly mistake? Well, first of all, the employee might make better choices in friends. But beyond that, why didn’t the training change the behavior? Why wasn’t this employee aware of potential security hazards?
Obviously, security awareness success is an effective combination of the implementation of the technologies available to prevent compromises and appropriate human behaviors. While it may be tricky to keep pace with changing technology, it may be even trickier to impact the behaviors that can lead to security issues. Custom training is definitely a huge piece of this puzzle.
While there are many options available for generic off-the-shelf security awareness eLearning, these courses may not really address the specific security challenges of your organization. At one Financial Services organization, security of systems, processes, and information was critical to the corporation’s success and growth. And, security of clients’ information was a cornerstone of their corporate values. Because of the Company’s business, their security concerns were very specific. The Company faced a challenge: how to formalize these security awareness protocols so that it was easily accessible, consistent, adaptable and applicable across the global population. And, perhaps, most importantly, how to ensure that sharing this information would truly improve behaviors.
Creating an online custom training program that demonstrated the tools, behaviors, policies and procedures around security requirements provided an exciting, engaging and memorable vehicle for educating the corporate population, scalable and accessible across business units, departments and global offices. KMI Learning developed a series of rich eLearning modules, following a narrative scenario style that provided the underlying security foundation in a compelling way and that is accessible on –demand, to every employee worldwide. Not only that but the courses revolved around a set of characters that were relatable and were in situations that were unique to the Company. Employees saw themselves in these situations. They saw how the policies could and should be applied to their daily work life. They were able to practice decision-making and applying security awareness strategies within the modules with no ramifications for the Company. While these interactions were fun, they were also memorable, easily brought to mind when similar situations arose in real life.
As a result of this Security Awareness program, the Company has experienced a significant, quantifiable, positive change in employee behavior related to security. There has been a significant decrease in security breaches and improvement in routine security measures. And, employees are vested in the series, they anticipate the updates and look forward to seeing in what new situations the characters find themselves.
No longer would an employee not think about leaving an iPad untended!