So, you’re glad to put 2021 behind you, and start a new calendar year. Maybe you’ve even made some resolutions on both the personal and business side. One of those things might just be “To do something about our stale security awareness program.”
You may not have been able to identify exactly what’s wrong with your awareness program. But chances are, it’s the primary paradigm of generic content delivery and quizzes.
As Mark Rasch points out in his article on Security Boulevard, “We must find a way to go beyond training; go beyond learning to change and reinforce culture.”
Even in 2022, it’s disheartening to realize that most security awareness programs aren’t much more than a 15-minute course on generic best practices, followed by a laughably simple quiz that employees can often “click through” without really committing the guidance to long-term memory.
It’s very hard to change behavior with a 15-minute course, a quiz and some random microlearning blasts that may be entertaining but really don’t exercise employees’ decision-making skills.
What about live phishing simulations?
So, many companies have added to the mix a series of live, simulated phishing emails to test employees’ ability to spot an attack. The idea is good, in theory, because these messages are designed to test employees’ real risk decisions. However, the challenges with implementing live phishing simulations are still significant, despite their apparent ease of deployment.
From firewall issues to employee backlash and inconsistent trend data, live phishing simulations are acquiring a reputation for being difficult to manage, even at a high level, and limited in real, actionable value. Check out my Phishing Assessment Optimizer™ to learn about the challenges and requirements for running successful phishing simulations.
So, is it a mystery why 90% of security breaches involve decisions made by employees targeted by phishing or social engineering attacks?
Quizzes can only take you so far in moving employees up the hierarchy of Bloom’s Taxonomy, to actually change behavior. Moving beyond bland quizzes to a highly interactive, immersive employee experience is exactly what Click Armor is doing to help businesses get the serious state of security awareness programs under control.
Click Armor uses gamified simulations to motivate employees to actually immerse themselves in realistic, relevant risk scenarios they will likely face at some time in the future.
Gamification has been proven to be very effective at engaging employees to focus and learn. And what we’ve learned is that it can also be used to revitalize security awareness programs, to reinforce behavior in a sustainable way that is motivating, inclusive and has a positive impact on culture. Nobody feels targeted, and there are fewer implementation issues than with traditional, live phishing simulations.
Managing risks requires good data for assurance
As an added bonus, gamified security awareness isn’t just a better way of delivering training content. The higher degree of employee interaction yields rich vulnerability data, which provides more assurance and helps manage security risks related to human decisions.
Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.
Photo by Patrick Amoy on Unsplash