If we’re honest with ourselves, we’ve all known it for a long time. Posters. Compulsory e-learning. Seminars and desk-drops. They’re security awareness staples. And they’re now all, without question, ineffective. They’re designed to teach people about security. Just on our terms.
Why do some organisations often use two or more security awareness training solutions at once? That’s a question that grabbed our attention when it popped up on social recently. The comment highlighted the following security oddity…
As you may already be aware, most people prefer to avoid taking risks. In fact, most people prefer to avoid taking risks so much that they fail to do so even when taking the risk makes complete and total sense.
Incredibly, traditional cyber security awareness training may actually decrease security awareness. Here’s how to...
To demonstrate why security awareness training so often fails, it’s worth conducting a quick thought experiment....
At the time of writing, Google tells us security awareness training is “a formal process for educating employees about computer security.”You can bet it’s a prevalent definition: the search engine sifts through every indexed web page ever written on the topic to return the single, succinct and simple sentence.
Let’s talk domains. Not web domains, but domains in life. Areas, specialisms, disciplines – call them what you want. Domain dependence is indeed pervasive. And it could be why so many people struggle to take cyber security as seriously as they should.
Whether through simulated attacks or otherwise, psychological research suggests awareness campaigns that connect with people on an emotional level will do far more good than those that don’t.
Although we rarely consider it, ultimately, every email we receive comes with a certain amount of risk. The same goes for every phone call we answer. And every new programme we download.