Here you are. You’ve done your cultural assessment, you were able to identify the holes in the organizations security awareness efforts, you modified training and created a 12 month content plan to fix this. It’s time to sit back, and see some real user behavior change right? Quick question: How do you know that your plan worked? Are users reporting more issues to the help desk? Are people more able to identify phishing emails? Are users retaining the information from annual …

Read more »

How many people would get a 3/3 on the following questions without even watching a training video? 1)   Do you need a password? Yes No 2)   Should you give your password to a stranger? Yes No 3)   True or False: All passwords should be displayed in the open True False What if 100 people were asked the following question on the local news, how many do you think would honestly say yes? Have you ever had racist, sexist or ageist …

Read more »

Welcome to Fantasyland where the budget is limitless and the users pay attention to everything you say! In Fantasyland you have amazing annual training that lays a solid foundation of information for your users. You have created testing that accurately and effectively measures user understanding of the training without being too hard or too easy. You have created additional content (e.g., posters, viral videos, newsletters, lunch and learns) that calls back to the concepts taught in training and changes user …

Read more »

Percent Retained = Information acquired    *100 Information presented   Retention is one of the main goals of any successful security awareness architecture. Without retention every poster, video, or lunch-and-learn is as valuable as ‘Snooki’ teaching a lesson in ethics. No one cares nor would they walk away knowing anything new or useful. The reason retention is such big factor in security is because of the relationship between memories and the forgetting curve. (See previous blog for full explanation). In …

Read more »

Punishment is evident in all aspects of our life to everything from getting drivers to stop speeding, to getting the dog to not bark at the mailman. Because of this, it is no wonder that several go to punishment when wanting to change user behavior. While punishment is a very powerful tool- that can produce almost immediate change in behavior- it is very hard to control and very hard to maintain. For these reasons, I rarely recommend using punishment when …

Read more »