Punishment is evident in all aspects of our life to everything from getting drivers to stop speeding, to getting the dog to not bark at the mailman. Because of this, it is no wonder that several go to punishment when wanting to change user behavior. While punishment is a very powerful tool- that can produce almost immediate change in behavior- it is very hard to control and very hard to maintain. For these reasons, I rarely recommend using punishment when …

Read more »

Many of the products out there would lead you to believe that anyone with Word can write a newsletter but this is not the case. Think about it, you are asking someone to voluntarily take time out of his or her day, or even potential free/personal time, to read a document about security. If done right, you can have a captive audience that happily takes the time to read your content. If done wrong, then all your hard work turns …

Read more »

Making good content is hard and easy to mess up. This is evident with the loads of boring training videos, out dated posters, and cheesy slogans slapped on a mouse pad. But don’t fret, just because it’s hard, doesn’t mean it’s impossible. Making good content is all about asking the right questions before hand. What content needs to be made? What are the different options? What should be used in tandem? What can be used in place of other things? …

Read more »

Now that we know how to effectively pair a problem behavior with a solution, what happens when the problem behavior is the product of more than one reason? For example, several organizations identify ‘falling for phishing attacks’ as one of the biggest problems they have with users in their organization. A cultural assessment reveals that not only do several users have a hard time identifying the ever changing phishing emails, but they also don’t see them as very dangerous, and …

Read more »

Last month we talked about how to create a successful security awareness organization architecture by first assessing the culture. More specifically, in order to change behaviors you first need to (a) identify the key problem behaviors, (b) find out why they are occurring, and (c) identify the holes in the current training. Simply put, you need to know your organizations culture specific problem before you can do anything about them. So what’s next? Well now that you know the what, …

Read more »