Less Is More: Words Matter in Security Training and Awareness
There’s a trend lately toward shorter bursts of security training, instead of assigning employees long modules.
But allowing too much time to pass between lessons may make your people vulnerable to threats they’ve not yet been educated on. There are two tricks I recommend to addressing this dilemma: brevity and focusing on storytelling rather than imperatives.
Be Brief, Baby, Be Brief
“I have made this letter longer than usual because I lack the time to make it shorter.” –Blaise Pascal
It’s much harder to be concise than verbose. Too many details, and the important stuff can be lost in a sea of definitions and terms. Confused and maybe even frustrated, employees can simply tune the information out, even the important stuff.
Too simplistic, and employees can feel talked down too and less than intelligent. No one likes to be treated like they don’t know anything.
If you’re creating your own training and awareness materials, take the time to edit. Then edit again. Or look for training that says a lot in the fewest words possible.
Things Better Left Unsaid
Let me use two videos MediaPRO recently released for Cybersecurity Awareness Month to illustrate some key points.
Here are the two videos. See you back here in two minutes.
Phishing by the Numbers
They’re animated motion graphics; nothing unusual about that.
They contain jaw-dropping statistics about the state of cybercrime in the world. Again, nothing unique there. If we can say so ourselves, they also feature well-designed animations and some groovy music, not unlike a lot of content we see these days.
But what are they missing?
They are missing the “finger wag.” The admonition. The-Sky-is-Falling warning. The imperative!
Do you like being given orders? Yeah, me neither.
These motion infographics let the stats tell the story, and that’s where they stop. The jarring data about the state of cybersecurity is far more effective when it’s not accompanied by an imperative, such as:
“76% of people don’t change their passwords after a breach. So, if you’ve been the victim of a breach, change your password!”
Consider that phrasing compared to this:
“76% of people don’t change their password after a breach.”
My reaction to the first version is, “Oh boy, am I in that 76%? I’d better do something about that.”
My reaction to the second is, “whatever” or maybe “I’ve been the victim of a ton of breaches but nothing really bad has happened yet. I’m too busy for this” or worse “don’t tell me what to do.”
Once More, with Feeling
Reactions matter in training. What training content makes you feel matters.
After all, feelings are what drive behavior, and behavior change is what we’re all after. An approach not taken or words left out can be the difference between a lesson learned and a lesson ignored.
I hope this mini-case study using two of our own videos (free to share and spread around, by the way) proves useful when developing training content for your own people.
Download Your Free Cybersecurity Awareness Month 2020 Toolkit!
Check out our bundle of free resources to recognize Cybersecurity Awareness Month. Download free video conference backgrounds, puzzles, and more!Get My Toolkit