Language and Context Counts When Building a Cyber Secure Corporate Culture

Getting employee buy-in on security awareness training takes more than snazzy graphics and gamification. Your employees need to connect with and relate to the security awareness training.

This connection only happens when your employees see themselves in the training scenarios, examples, and graphics. For global organizations this means you cannot use the same training for example, in Canada, Germany and Brazil.

Your employees need to clearly see how they can be victims of a cyber attack. If the training is not in their primary language, uses cultural references they don’t understand, and neglects to take into consideration their societal norms – the training is not going to work.

Organizations struggle to get their employees to participate and care about their training.  Lack of localization is one of the key reasons that leave employees with the impression that the training has not been developed with them in mind but for the general population instead.

Localized security awareness training gives your employees training that they can relate to and connect with. The messages about phishing, social engineering, and email threats are much more relevant and impactful when people connect with the training content.

The Differences Between Translation and Localization

Do you remember the poorly translated instruction manuals for VCRs and DVD players? The language didn’t make sense, the wrong words were used, and the manuals were useless.

This underscores the differences between translation and localization. It is not enough to run your training through Google translate – you need to take into consideration the cultural meaning of words, symbols, colors, and images.

  • Translation is the process of translating source content into a new language. This is a literal translation of the words.
  • Localization takes translation many steps further by translating the content into a new language while taking into consideration the culture and how this impacts the words, images, and examples. Localized content is region specific and conforms to cultural, societal, and linguistic norms.

You need your employees to care about security awareness training. One of the best ways to do this is to demonstrate that you care about them with people-centric training.

Give your employees training, newsletters, posters, and examples that are in their language and culture. Help them see themselves in the training and they will understand how they can become victims of social engineering and phishing attacks.

Ask These Questions About Your Security Awareness Training and Employees

Think of your employees as your audience. What do you need to give them to get them interested, engaged, and connected to security awareness training?

Use these questions to dig deeper into what your employees need and deserve from your security awareness training:

  1. Do you have a global workforce?
  2. What languages do your employees use at home and work?
  3. What regions and locales do your employees live and work in?

These three simple questions tell you so much about your security awareness training needs and constraints. For any organization with a global workforce, it’s imperative that you communicate with your employees in their native and preferred language.

This is how you capture attention, build relationships, and show that you appreciate their unique challenges. Do not assume that everyone knows and understands English.

Remember that phishing emails arrive in inboxes all over the world in the localized language of the recipient. We know that people are much more likely to respond to and trust phishing emails sent in their native language.

To get employees to trust you and your security awareness training – do the same thing as the cybercriminals – connect with them and build a relationship in their native language. Trust is important when it comes to learning and retention.

Download The Definitive Guide to People-Centric Security Awareness to learn more about why your people need to come first in security awareness training.

Why Localized Security Awareness Training Matters

Localized security awareness training matters because you need to build a cyber secure culture. Phishing, social engineering, BEC, and CEO fraud are not going away.

You need your employees to understand the risks arriving daily in their inbox, social networks, and smartphones.

To drive motivation and knowledge retention you need to deliver end-to-end security awareness training in the native languages of your employees. This means every aspect of your security awareness training program including micro and nanolearnings, gamified training, email newsletters, poster campaigns, and phishing simulations must be localized and personalized.

When considering your choice of a security awareness partner, prioritize a partner whose goal is to give each of your employees personalized security awareness training. This means that your partner of choice should be able and willing to work with you to get to know your employees including their native and preferred languages, their cultural norms, and their training challenges and needs.

Remember, most people have a wearyattitude towards training. Conquer this training fatigue with training that is easy to understand, is engaging and creative, and speaks to your employees.


We want what you want – a cyber secure culture.

Read The Definitive Guide to People-Centric Security Awareness to learn why localized and personalized security awareness training matters.