This week’s Ask the Expert is answered by Oz Alashe, CEO of CybSafe.
Ask the Expert: How can businesses encourage their employees to behave more securely online?
I don’t think any employee actively tries to behave insecurely online, but sometimes, people don’t have the knowledge or the good habits to recognise and avoid potential threats. Good cyber security training informs and has a tangible impact on behaviour.
So what does ‘good’ training look like? Based on what we know about how adults learn, cyber- security training should be little and often. It’s well documented within educational psychology that people digest more information in smaller, regular bites. Regular training also has a very clear impact on the actions of employees, as behaviours become habitualised and reinforced over time.
The context and presentation of the training is also vital: good training will often draw on real life examples, and will use pictures, video, or gamification to its advantage. Flexibility is also key: quality training will allow users to control the rate of their learning, and will recognise that different people learn in different ways.
However, it is about much more than just training and education. Businesses need to look at awareness, behaviour and culture more holistically and look for support interventions that don’t just provide information on what to do and what not to do, but also provide the right motivational stimuli to induce changes in behaviour. Advanced technologies, AI and data analytics can help a lot here.