Shall we play a game?

What does it take to turn an organisation’s biggest cybersecurity vulnerability, its employees, into an engaged, proactive human firewall?

02 April 2024

Vladimir Dashchenko, Kaspersky

The conversation around security awareness training is often focused on time: how often should you conduct training? How long should training take? When is the right time to increase awareness? What’s the best way to keep employees engaged? It’s a balance between ensuring that any information provided remains relevant (which is difficult in a security landscape that is constantly changing) and ensuring that it is retained.

When a woman who I’ll call Ria Moodley joined a global advertising agency in 2018, one of her first tasks when onboarding was security awareness training. The programme consisted of a few screens with dated illustrations that she needed to click through, with multiple-choice questions at the end. “I remember one of the questions was about finding a USB stick lying around the office. Would it be okay to plug it into your computer without knowing who it belongs to?” Checking a few boxes, Moodley received a certificate to acknowledge that her training was complete, and that’s where her learning ended.
