Adult Learners Need Relevant and Relatable Training
Using intelligent social engineering techniques, cybercriminals know how to tailor their cyber attacks to their recipients. An employee in HR receives a very different phishing email than the customer service representative in a call center or the salesperson who is traveling and accessing the network remotely.
And this is exactly why organizations must place a premium on role-based security awareness training. Just as cybercriminals change their approach based on their audience, the same must be done for security awareness training content and delivery models.
With role-based training, you can meet the unique needs of the people in your organization – answering their questions, addressing their challenges, and providing training that meshes with their job responsibilities and expectations.
Role-based security awareness training shows your employees that you understand and appreciate the unique challenges and demands they deal with on a day-to-day basis. This reinforces to your employees that you do care about their unique needs and are doing your best to help them.
How Adults Learn
Cookie-cutter, one-size-fits-all training used to be the standard. The belief was that any training is better than no training. However, we know that adult learners only learn when the training material is relevant, accessible, and engaging.
Leading learning theorist John Keller identified four keys to adult learning success, known as the ARCS Model of Motivation:
- Attention. To capture attention, the content and delivery methods should include active participation, conflict, humor, variety, and real-world examples. Humor and conflict are not applicable for all subject matters but can be powerful in keeping people engaged.
- Relevance. Relevant training uses real-world examples, gives people tools and knowledge that solve their immediate challenges, uses language that connects with the recipients, gives people choices in how they learn, and shows people how this training has helped others succeed. This helps underscore the relevance of the material and shows that you’re meeting people where they are.
- Confidence. People need to believe that they can learn and succeed. Use training that gives people feedback on their progress, uses small steps to encourage incremental learning pathways, makes the end goal of the training clear, and lets people choose how they learn (microlearnings, gamified training, longer courses, etc.).
- Satisfaction. The lessons learned only last when people feel satisfied and proud of what they accomplished. Training that rewards success with a leaderboard approach or score and then gives people a chance to immediately apply the new knowledge (phishing simulations, gamified training) is key to getting people to remember what they have read and heard.
This learning model underscores the benefits of role-based security awareness training.
When people are exposed to training that they can identify with, they are much more likely to become engaged and interested. To further capitalize on this, you need to put an emphasis on extending the lessons learned with real-life simulations, gamification, and interactive learning opportunities.
Bridging Awareness Gaps with Role-Based Security Awareness Training
Mandatory training is a challenge for any organization. To get beyond the everyday barriers that come with internal training, give your employees training that captures their attention and shows them how they will benefit from the training. When researching security awareness training options, think of how people communicate, interact with data, and what they do on a day-to-day basis. The 5-step security awareness framework helps you give people security awareness training that meets your objectives and employee roles:
- Analyze your organization’s needs and objectives to develop a cyber security awareness program that generates results. What are the roles in the organization? What types of cyber threats and attacks are associated with each role?
- Plan your program to stay on track and engage your workforce as your stakeholders. Put people first, giving them role-based training that is relevant to them.
- Deploy an effective training initiative and witness behavior change as it happens. Use a range of training methods and delivery models to reach people where they are in their security awareness knowledge, available time, and the demands of their job.
- Measure the performance of your program against your objectives and demonstrate progress to stakeholders. Give people feedback on what they are learning and show them their progress.
- Optimize campaigns accordingly and update your program to incorporate new insight. As roles change or new cyber threats emerge, update the training content and methods to remain relevant, engaging, and accessible.
To give people the right cyber security awareness training, you need to understand what people do and how they do it. CISO coaching is a great way to take a deeper look at your organization so you can understand what people need from their training and how you can deliver it.
6 Security Awareness Best Practices for Every Employee
Regardless of role, every employee needs to remember these 6 security awareness best practices:
1. Protect Your Data
Cybercriminals use faked email addresses and websites to trick people into providing personal and professional information. Think twice and then pause again before responding to an email, text message, or other request for information about yourself or your employer.
2. When In Doubt - Speak Up
If you receive a questionable email, letter, phone call, LinkedIn request, or other message, contact your internal cyberheroes and cyber security leaders. Show them the request and do not act until you know the request is legitimate.
3. Be Pop-Up, Text Message, and Friend Request Aware
Phishing doesn’t just happen over email. Cybercriminals target their attacks based on the ways you use the Internet to communicate, work, and play. Do not accept friend or chat requests from people you do not know. Do not enter any personal information, including your email address, in pop-ups that you did not initiate.
4. Create Strong Passwords
Stop using names, favorite colors, or 1234 as your password. Strong passwords are unique and contain a combination of letters, numbers, and symbols. Use password storage software to securely store passwords.
5. Be Aware of Free Wi-Fi
Only connect to secure and password protected Wi-Fi. When working remotely or simply checking your email on your smartphone, only connect to a secure Wi-Fi network. If you work from home regularly, make sure you connect to the office with a VPN.
6. Install Software Updates
Make sure the latest operating system and app updates are installed on all devices. Install all security patches, browser updates, and the latest operating system. This keeps Internet-connected devices protected from criminals who use security vulnerabilities to hack and steal information.
Cyber security awareness training for employees should not be complicated.
Think about your security awareness training – is it delivering the right content to the right people, does it use the right tone and language, does it provide real-world lessons that people can immediately apply?