We all know the feeling. Start a new job, and you’ll be sitting through onboarding presentation after onboarding presentation, many of which aren’t relevant to your day-to-day responsibilities. After a while, you start to tune out, and important information gets lost in the noise.
In no area is this more of a problem than security awareness training, which has always been extremely difficult to execute effectively using traditional methods. Sessions occur infrequently, take a one-size-fits-all approach, and leave security teams with no way to gauge how well employees have absorbed the material. At the same time, employees may have no idea how to access the material once the session is done.
In short, traditional security training is broken. And at a time when the threat posed by phishing and ransomware attacks has never been clearer, companies have to do better. Luckily, the tools exist to radically optimize employees’ security training experience and knowledge retention: the solution starts with the right digital adoption strategy.
1. Right time, right place
The first step toward optimizing your team’s security awareness training is to rethink the foundation of how it’s done. There’s no better place to put learning materials and guides than in the very program with which you want employees to familiarize themselves. With that in mind, security teams should move their training from Zoom recordings or documents pinned to Slack channels to within the apps themselves. Done right, in-app security guidance allows employees to explore features and best practices directly and conveniently, while at the same time enabling security teams to make revisions to that training as soon as new information becomes available or new practices go into effect.
2. Keep content bite-sized
Moving security training in-app also makes it easier for employees to digest the material. Rather than having to set aside an hour to join a Zoom session or watch a video, they’ll only need a few minutes to look through in-app guides to take in new information as they familiarize themselves with new software. This both gives employees back time in their day and makes it more likely that important information won’t fall by the wayside.
3. Provide dynamic updates to neutralize threats in real time
Maintaining security means identifying threats and warning your team about them as soon as possible. The last thing a Chief Information Security Officer (CISO) wants is for a phishing campaign to go unnoticed. Each moment a phishing email sits in employee inboxes unflagged increases the odds that an unsuspecting team member will open it, leading to potential disaster.
Warnings sent out as an email or posted in Slack risk getting buried in one’s inbox or notifications. By embracing in-app guidance, however, security teams can send out real-time alerts about phishing campaigns or other suspicious activity, complete with screenshots identifying what the email in question looks like so the threat will be top of mind. In-app messages can also offer instant help and outline next steps for users who may be unfamiliar with the best way to report these and other malicious activities.
4. Tailor training to the individual
With each role in a team come different security risks. It makes little sense for a software engineer and a sales representative to go through the exact same security training. People working in different areas will have different levels of familiarity with information security and will be exposed to different types of threats. CISOs should bear these differences in mind in their approach to training, and can do so by using a digital adoption platform to segment users within a given app based on role and provide them with a tailored training experience. Digital adoption platforms such as Pendo also allow security teams to segment out users who may be delinquent in completing a training in order to send them reminders, or to target users who have had trouble recognizing email threats in the past in order to provide extra guidance.
5. Measure effectiveness
Ultimately, security training is only as effective as its implementation. Without having a means to gauge how well employees are abiding by guidelines, information security teams will find themselves in the dark about how good a job they’re doing. With a tool like Pendo’s digital adoption platform, they will be able to not only solicit feedback on clarity of guidance, but also test employees’ continued security competency through mini quizzes and other in-app assessments.
Security threats and employees’ level of familiarity with them are constantly changing. The best way to keep your team up to date and safe is to leverage digital adoption tools to meet new threats as they emerge, and to communicate with your employees at the time and place where it matters most.