Buzz or Bomb? 6 Signs Your Awareness Program May Miss the Mark

On: March 16, 2016
If your security awareness program is bombing, it could be you’re approaching the problem from the wrong perspective.

Not too long ago, a client of ours who had just released a dynamic new Information security course told me how blown away he was with the response they were getting.

He recounted how employees stopped him in the hallway to thank him for not boring them to death! His inbox was full of compliments, and his colleagues wanted to duplicate his training in their own departments. In short, his awareness program created a buzz.

Is your training getting this kind of reception? If it is, keep it up! But if it’s bombing—if people roll their eyes at your training, and ignore your efforts to make security protections part of the conversation—it could be you’re approaching the problem from the wrong perspective. If you’re not getting the results you want from your security awareness and privacy awareness efforts, here are six things that might be killing off any hope of an enthusiastic reception to your training.

1. You checked the box

The biggest cause of a failed awareness program is your decision to just “check the box” and get it done. Regulations require that you train people, but they don’t say how, so checking the box is easy. But if all you care about is satisfying the legal requirement, then that’s all your people will care about, too. And in the end, all you really will have done is to create another administrative burden that provides no return on your investment.

2. It’s no fun

How are your completion rates stacking up? If people aren’t finishing the training, it could be that slogging through the material is just a drag. For training to be effective, it must be inviting, interesting, engaging—and ideally enjoyable. And if you want the course to be remembered 15 minutes after it’s been taken, it’s also got to find some hooks in the minds of the learners. You can do that with good courseware that integrates just the right amount of humor or even game mechanics. In other words, make it fun!

3. It’s not relevant

When training material doesn’t address employees’ real life, motivation plummets and frustration soars. Worse, if it is perceived as irrelevant, it will be ignored, quickly forgotten, and may even sow seeds of discontent. Adults want to know why they need to learn something. So deliver training that makes it clear how the new knowledge will serve them in their day-to-day work, and that the new knowledge will be both relevant and practical. If these all-important motivational attributes are lacking, you’ll lose more than the learners’ interest.

4. The training material is stale

Ever eat a stale slice of bread or drink a flat soda? That’s essentially what you’re serving your people if you’re not keeping your awareness training and reinforcement content fresh. If people take the same course year after year, they’ll begin to ignore it altogether. No doubt you’ve experienced becoming so used to something—like that ratty old chair in the living room—that you no longer pay any attention to it.  The same can be true of your awareness program. So freshen it up, shake it up, make a little noise about it. Give buzz a chance.

5. The program lacks executive support and modeling

Is your organization’s management helping or hindering the cause of security and privacy awareness? Where corporate culture is concerned, actions speak louder than words. If the leadership circumvents security measures for its own purposes, or rewards others who do the same (like paying bonuses to employees who take “shortcuts” to meet or exceed short term goals), then the program is sure to be a bust. Most leaders understand that culture plays an important role in their organizations, but many, it seems, have difficulty understanding how it can be leveraged to bring about security/privacy-aware behaviors—or worse, how it might actually impede those behaviors. Your people are looking for consistent role models. Lead the way!

6. You used the wrong awareness training approach

It happens! It’s no secret that security awareness programs do not always work or deliver the expected results. As we have seen, there are many reasons an awareness training program might bomb. Perhaps the training was simply a boring PowerPoint, converted for online delivery, with no thought given to engaging employees in considering the impact that security had on their lives; perhaps it was a series of videos that amused people with animatronic malware bots, but failed to convey the behaviors they needed to practice at work. The success of your security awareness initiative depends upon delivering a training and reinforcement solution that has been designed specifically to support adult learning, enable essential best practices, and reduce risk. Frankly, not all awareness training solutions are up to these tasks.

When you’re looking around for a new security or privacy awareness program, ask yourself whether your candidate solution will boom or bust, buzz or bomb.

Want to learn how MediaPro can help you create a buzz around your awareness training? Contact us, or request a free demo to find out. 

Share this Article

Request Demo

Related Articles

Share this free animation with your employees to remind them of the dangers of malware.
Video: Don't Let Malware Spoil the Fun
Read our newest eBook on how the NIST Cybersecurity Framework can be used to improve security awareness.
eBook: How the NIST Cybersecurity Framework Improves Security Awareness
Don't waste time and money on an awareness program that doesn't yield real results. Download our white paper for tips on improving your awareness program.
White Paper: 5 Strategies for Improving the Effectiveness of Your Awareness Program
Read how Australia-based Iluka Resources worked with MediaPro to developed a multi-topic security awareness program.
Case Study: How Iluka Resources Created a Security-Aware Culture