Good training is a matter of context


Every organization needs an impactful safety training program that empowers employees to intuitively perform their duties safely.

No matter how advanced technology solutions evolve, human error and negligence will always be a predominant risk that organizations must proactively mitigate. Inculcating and maintaining good security behavior is a fundamental measure to prevent, identify and respond to security incidents caused by “the human factor”.

Whether such a program should be developed and deployed in-house or outsourced to an external vendor depends on the size and maturity of an organization’s information security function. Even organizations with the specialized expertise and resources to develop and manage an in-house security training program can look to training as a service as a contribution to their program.

A security training program should be designed to enable employees to identify cyber threats and report actual or suspected security incidents. It should not be delivered in isolation, but as a holistic program based on psychological theory, which combines education, training and security awareness (commonly referred to as SETA) with practical initiatives that guide employees to make the right safety decisions.

Developing systems, applications and processes in a way that promotes safe behavior but does not hinder productivity (such as via visual cues or audio prompts) enables employees to proactively apply their learnings from SETA. Importantly, it also reminds them of the options available to them.

When purchasing training as a service, buyers need to move away from a compliance-focused mindset to select a solution that best applies to the organization’s specific context. Buyers can only know which solution they need if they understand the factors that contribute to poor security behavior.

A preliminary step is to establish the attitude of the workforce towards safety training (often linked to company culture), the constraints imposed by safety that employees dismiss as barriers to doing their job, and their general familiarity with safe practices. This analysis will put buyers in the best position to identify what they really need in a training program, in order to select the solution that will work best for their organization.

To be successful, a training program must resonate with the public; it must impart the desired knowledge, skills and competencies, and it must be imparted in a stimulating way that motivates employees to behave safely. Buyers must therefore determine whether the content is presented at the right level; can it be tailored to specific roles and responsibilities, and how is this content delivered?

Training programs should have a positive impact and improve employees’ perception of information security. This usually requires the program to have some form of interaction with its audience, whether through gamification or other means of building engagement with the content, such as short quizzes, friendly competitions or problem-solving tasks.

Employee receptivity to training often depends on the style, language, narrative and narrative adopted by the training program – does it align with cultural norms, values ​​and messages already familiar to employees? Is there the option of delivering the training as a service within an organization’s own branding or inserting personal messages from the organization’s leadership team to highlight its importance? Safety champions can be a useful way to validate the benefits of safety training.

Buyers should also consider the format and frequency of training. Many organizations opt for annual training, but small, digestible micro-content is more effective for learning and long-term retention of information, especially given the relentless pace of change. Different learning styles should also be taken into account – this is particularly relevant in global organisations.

Whether an organization chooses to deliver its security training program in-house or outsource it, the key point is not to treat it as a tick box exercise that simply requires a budget, but to invest the time and effort needed to ensure it is the right safety training program. It will only be possible to inspire positive behavior change if organizations understand what the human spirit will respond to positively.


About Author

Comments are closed.