Your Security Awareness Program Sucks If…

On: November 8, 2013
There is no shortage of pundits who claim security awareness training doesn’t work. But are they right?

There is no shortage of pundits who claim security awareness training doesn’t work. And the truth is, there are a lot of programs that really do suck—but not all of them. The important thing is being able to tell the good from the bad. Here are four clear signs that your security awareness program sucks:

#1: If your security awareness training is boring, it sucks

Getting employees to pay attention to security isn’t easy—so why make it even harder with deadly boring PowerPoint slides or stand-up training? The only “awareness” these things bring about is just how numb your backside gets as you sit through them. Surprisingly few training providers seem to understand the art and science of online training that captures attention, engages the learner, and actually creates and sustains awareness. Good training keeps things interesting with a variety of media, lively interactions, and relevant content. But boring training? That always sucks.

#2: If your security awareness training ignores the ways people learn, it sucks

If the concept of adult learning principles is new to you, there’s a good chance your awareness program sucks. Successful adult learning gets peoples’ attention; communicates relevant information; builds confidence that they can master the content; and leaves them with a satisfying learning experience. If your program isn’t tapping your employees’ inherent curiosity and willingness to learn, it probably sucks.

#3: If your training is a one-time annual event, it sucks

Do you think security awareness training is a “once and it’s done” kind of exercise? If so, your program likely sucks. The fact is it takes many exposures to a message before it sinks in, and perhaps many more before it becomes realized as behavioral change. The health and wealth of your organization may well depend upon your employees keeping security top of mind. What they do really matters. That’s your message, and it bears repeating with a reinforcement program that echoes the message of your training, thus creating a sustainable security-aware culture. Anything less just sucks.

#4: If your security awareness training seeks only to check the regulatory compliance box, it sucks

Security awareness training designed just to check a regulatory compliance box is a useless exercise. To truly move the security needle, you need a program that will actually change users’ behaviors and help you build a culture of security awareness in your organization. A “compliant” but security-clueless organization? That sucks.

At MediaPro, we’ve been helping companies create security and privacy awareness training and reinforcement programs that don’t suck for 20 years. Let us know if we can help you.

Share this Article

Related Articles

Learn some best practices for achieving employee behavior change through effective employee awareness training
5 Best Practices for Achieving Behavior Change Through Awareness Training
Don't waste time and money on an awareness program that doesn't yield real results. Download our white paper for tips on improving your awareness program.
White Paper: 5 Strategies for Improving the Effectiveness of Your Awareness Program
Are you ready to start planning improvements to your awareness program – or even start one from scratch?
Video: MediaPro Best Practices: Factors to Consider When Planning Your Awareness Program
White Paper: A Roadmap for Planning Your Awareness Program