Why Is Cyber Security Awareness Training So Boring?


You may be familiar with the annual cyber security (or cybersecurity) awareness training at your company. Most companies have mandatory training that all employees need to complete as part of their compliance requirements. In other words, it’s a method to remind you not to click the link.

I’ve participated in awareness training recently and all I could think about was “why is cybersecurity awareness training so boring?” and I’m pretty sure that I’m not the only person feeling this way. So, let’s try to figure it out.

Why does it matter if the training is boring?

Technology is changing so quickly, especially with the advancements in AI. Hackers are using recent technology to plan and execute their attacks, often resulting in multiple attacks being executed simultaneously. These changes make cyber security more important because we all need to be aware of how to protect ourselves online. However, if the online safety training is dull and boring, the trainee will not be engaged, and the training will not be prioritized.

I’ve asked a few people to share their view on the training because I’m a cyber security professional, yet I was bored and needed to know how others felt. The responses were disappointing, but not unexpected. What stuck out like a sore thumb was that even though everyone completed the training, they hardly remembered anything they had learned. So, what makes awareness training so boring? Let’s find out.

What makes awareness training boring?

To be clear, I love the field of cyber security, and I wish everyone was as interested in it as I am. But I would like to get more people interested, so I’ve grouped the “boring” feedback into seven categories:

  • Too much jargon. The cyber security terms are often used, but not always in a way that everyone understands.
  • Overuse of formal language. While already struggling with the jargon, the language is often formal and uses words that wouldn’t necessarily be used by the trainee.
  • Repetitiveness. The training is often recycled from the previous years with no obvious changes to the content.
  • Outdated content. While it’s important to include the basics, the content is often outdated and does not include the new techniques or technology that hackers are using as part of their attacks.
  • Poor delivery. The trainer’s delivery can be monotonous and formal, making the topic less interesting, even if the topic is interesting.
  • Excessive reading. Just too much reading. Period.
  • Inadequate examples. The training often only applies to a business setting and doesn’t include examples of how to incorporate the training in your personal life.

It would be quite easy to leave it as is, but we need potential solutions. Let’s have a look at how we can make the training less boring.

How to make awareness training less boring

First and foremost, this is far easier said than done. We’re trying to take a topic that people generally don’t enjoy, and make it more interesting, possibly even enjoyable. So, how can we make it less boring?

  • Make it simple. Big words scare people, especially if you’ve never heard the words before. Use simple words and terms to ensure that it can be understood by anyone participating in the training.
  • Diversify the content. Some people enjoy reading, others enjoy watching videos, and others prefer playing games. Have different options available that will cater for most people to ensure that it can be enjoyed by many.
  • Find the humour. Everyone likes to laugh. Find a way to add a joke or two to reinforce the lesson.
  • Personalize the content. If people can apply the lessons they’ve learned from phishing training to their personal lives, it’s unlikely they’ll forget about it quickly.
  • Update the content. Ensure that the content is updated and relevant by including the latest breach information or techniques that are actively being used in cyberattacks.

There are more ways to improve the training, but these are the ones that are most likely to have the biggest impact. Especially where fun is involved – who doesn’t enjoy a good laugh every now and then (or daily)?

Final thoughts

I feel strongly that everyone should be more cyber-savvy these days – it’s too risky to not know the basics. And then I remembered why we have Willowbesecure – we want to make it easy and fun for everyone.

And that’s exactly what we’re going to do. We’ll try our best to see if we can crack the code to making cyber security awareness training incredible! We would LOVE for you to be part of our journey. Feel free to share your thoughts and suggestions with us. Be secure!
