Security awareness training is not a one-size-fits-all solution. While some organizations tailor their training to different departments or seniority levels, it’s not a common practice to adjust based on age group, for example. Since distinct age groups each learn in their own way, however, perhaps the enterprise should take these demographics into account.
When I used to create and administer security awareness training, there were many employees who needed to be put through classes. The thought of breaking them up by demographic was unfathomable. When I think back, however, it probably would have been more effective to optimize the training to different groups.
Is training based on age group the answer? Or are other demographics or characteristics more relevant?
I spoke with Dr. Jessica Barker, co-founder of Cygenta and a recognized leader in the human nature of cybersecurity, to offer unique insight into this complex problem.
One Security Awareness Training Does Not Fit All
In speaking with many security leaders, I’ve found it rare for companies to tailor awareness programs to meet the learning requirements of disparate demographics. This is no different for Barker, who finds that it is only the more mature companies (in security terms) that tailor their awareness programs at all.
“Many companies follow a one-size-fits-all approach, which is not going to be particularly effective,” she said. “We all respond to different hooks when it comes to awareness-raising. Particularly when we are communicating about threats, it is essential to communicate why the threat is relevant to the people we are addressing. A great deal of psychological research shows that if we don’t do that, we lose people.”
But let’s fa ..
Support the originator by clicking the read the rest link below.
