When the Stars Align: 10 Tips to Run User Training & Awareness

What does astronomy have to do with cyber security, and why bring this up now? In this article, I take a long gaze at the future, and how to run the perfect user awareness and training campaign.

Some of you may know that I have a wide range of hobbies and interests — ranging from Astronomy to Zoology. I wouldn’t say that I was an expert in any of them, but they make me happy and give me an ‘outlet’ away from IT and Cyber Security.

Recently, I’ve had my telescope out and it’s been a great month for looking up. Several planets are aligned, there is a comet ‘tearing’ across the sky and in my part of the world we are about to view one of the best meteor showers of the year.

I am a lazy astronomer and really only get my scope out when I know there will be something interesting to view, or I can get a good clear chance of bagging several planets, a comet and a meteor shower all in one session. Then perhaps I will get it out if I spot something interesting on the horizon.

However, the end result is that by the end of the year with relatively few star gazing trips out — I could confidently hold my own in a discussion about the planetary events, highlights of the year and some of the experiences I had throughout. The ‘stars’ have aligned nicely this month.

However, this piece is not about star gazing.

Gazing at the future

At this moment in time we are gazing to the near and distant future. A lot of us are slowly making the transition back to normality and although the official government advice is still to stay and work from home, many businesses have to venture back to on-site working. We are in a hybrid situation of on-premise and off-site working, and so we continue to mix work and home office practices.

The threat to our data has never been greater.

The threat from technical and social engineering attacks has also never been greater, and we are constantly seeing statistic after statistic reporting the amount of online fraud, phishing and malware attacks — not to mention the advanced persistent threat picture.

So as all these ‘stars’ align — now is the most opportune moment to focus on getting our staff trained and aware of the threats and vulnerabilities of the next few months.

Tips for Running User Training and Awareness Campaign

During nearly all of my training courses you will hear me jokingly say “If you see User Training and Awareness as an answer, put a tick against it and talk yourself out of why it is not the correct answer!”

This rather flippant comment, however, is probably true and worth an easy point in an exam 99% of the time. It’s an easy answer but not an easy task to conduct.

Mention a mandatory security brief to a member of staff and record the number of different moans, groans and excuses not to attend. It’s a tough challenge for any security manager to overcome.

However, there are a few simple steps that you could follow that should assist with the challenge:

1. Don’t do them too often. Regular doesn’t mean at a set time every week/month/year. Look ahead to an opportune time in the business calendar, event horizon or new implementation, and incorporate a user awareness session as part of the program.

2. Update when things get interesting. If you routinely churn out the same story you will lose your audience to the point where they will not even bother. However, if something new or important has occurred or is on the horizon — give your users the news.

3. Make it meaningful and relevant. Know your target audience and what their working practices are. Tailor the content to meet their working needs and maybe give them some useful snippets which they could use on their own home networks.

4. Make your sessions interactive. Don’t just present slides and play video clips. There are some great resources from the NCSC, and your local Cyber Protect unit would be only too happy to give you a steer, but use your own material as well.

5. Think of using gamification. Some of you may have been lucky enough to have had a Lego Serious Play session or similar team building exercises. You either remember them because they were fun or because you won — but you remember them.

6. Don’t rely on poster campaigns and email flyers. These have a limited amount of impact and quickly fade from memory. If you do use posters — keep them updated.

7. Make it mandatory for all staff. Having executive sign off and attendance gives the policy the credibility it requires.

8. Measure understanding. Have a quiz or test with a certificate for attendance/passing.

9. Make it an online event. There is no excuse that you are not in the office as we are all now connected in some form. Whatever technology you are using is a perfect platform to share slides, video, play games, run a quiz and ultimately get a large audience all in one place with little overhead.

10. Make it fun. Fun doesn’t detract from the serious message you impart. Humour is a great aid to remembering facts and presentations. Train and entertain are two separate skills but a mixture of the two goes a very long way.

Now is a great time to implement a User Training and Awareness campaign as the universe is slowly aligning back to some form of normality but still fraught with uncertainty and risk. Get the focus right and your company will reap the rewards.
