The biggest mistake I made as a security awareness content designer was teaching people definitions that aren’t any practical use to them.

Does our security awareness training really need definitions for terms such as…?

  • Viruses
  • Worms
  • Trojans
  • Ransomware

These terms are important – to IT Professionals – but probably not to the average employee.

And, yes, they do need to understand the impacts from all types of malware, and that the organization needs to do all they can to avoid it.

But, how will forcing employees to memorize these definitions help them to make better decisions on the front line?

Security awareness paradox

Photo by CHUTTERSNAP on Unsplash

Join our next 5-Day Challenge to experience something completely unique

“The challenges were so quick I was able to do them in the time it took me to sip an espresso.” – IT Security Manager

We can’t afford to waste employees’ time memorizing useless definitions, while adding to their stress and frustration at the only time we have their full attention?

We should focus on the impacts and importance of threats, and then providing tips that can be easily digested, remembered and used at the right times.


Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.