3 Fundamental Elements of Effective Cyber Security Training You May Be Missing - And How To Fix It

More than 300,000 customers of Latitude Financial (they own brands like Genoapay, Gem Visa and GO Mastercard ) across New Zealand and Australia could have had their privacy breached in the latest spate of cyber security attacks.

Latitude Financial’s cyber-attack is the latest in the growing list of cyber security attacks across Australia and New Zealand. New Zealand’s Pinnacle Health, and Australia’s Optus and Medibank are among other large organisations that have reported recent data breaches.

No matter the size of your organisation, cyber security training is no small matter. Organisations with poor cyber security training are at greater risk of suffering cyber-attacks. The consequences are dire:

The importance of ongoing cyber security training

In the case of Latitude Financial, the attackers used employee login credentials to steal personal information. Despite strong IT security policies in place, employees are the weakest link in the chain. This highlights the ever growing need to keep cyber security top of mind for all employees in the organisation.

Running cyber security training once a year is setting you up for failure. Encouraging cyber safety isn’t a one-and-done approach – it is an ongoing exercise to ensure all staff stay aware and vigilant. The real challenge for businesses is how to execute it in such a way that cyber security messages are kept front of mind and influence behaviour change in the long term, without fatiguing employees. The answers lie in the basics: what, when and how.  

man and woman looking at a computer screen in the office

Cyber security training isn't a one-and-done event...

What kind of cyber security messages should you send?

When it comes to cyber security messages, remember to keep it snackable. By that we mean clear, concise, and approachable communication that delivers your message effectively.

Sharing snackable messages is a powerful and effective communication tool as it captures and retains your workforce’s attention while delivering a clear and concise message. In today's fast-paced world, people are more likely to engage with information that is presented in a quick and easy-to-digest format. Bite-sized messages are also more memorable because your workforce can easily grasp the key points without being bogged down by extra information.  

When – and how often – to share cyber security messages?

Internal communication teams are wary of overwhelming the workforce with cyber security information from various sources such as emails, newsletters, announcements, reports, chat messages.

Frequency of message is key when it comes to achieving a behavioural change. In fact, the touted number of times a message needs to be seen before it is retained to long term memory is 17. But the key is spacing out the delivery of each of the key messages over 2 or 3 months. 

We can say with certainty that using ‘spaced repetition’ to space out the frequency of cyber security messages is the way to helping employees retain the right information in the long term without succumbing to information overload.

Spaced repetition involves repeating your message at increasing intervals. This embeds the knowledge in long-term memory because consistently reviewing what you’ve learnt allows you to remember what you’ve learnt for longer.

The best protection against cyber attacks is ongoing cyber security training

How should you use your communication channels to share cyber security messages?

When it comes to behaviour-changing communications, you want to share important cyber security messages on a channel that reaches the masses without disrupting them.

Active communication channels like digital signage screens, screensavers, lock screens and the web browsers home screen are ideal communication channels for keeping cyber security messages front of mind.

Digital signage screens are ideal where people gather, such as cafeterias and common areas. They are highly visible yet won’t disrupt or detract the workforce from their day-to-day work; you don’t want to add to the disruptions that are already going on in the workplace.

Putting it all together

There are five fundamental guidelines for delivering effective cyber security communications in the workforce. Your cyber security messages should be:

How do you implement a cyber security training program that has a Snackable Learning Framework© built into it?

If you don’t have a cyber security program in place, our free cyber security mini program is a great place to start. It also comes with a quiz to enforce cyber security message retention in a fun, engaging way.

If you already have a cyber security training program in place, or you’re working with consultants to create one, get in touch! We can show you how to leverage a Snackable Learning Framework© to embed your cyber security program on the right communication channels so that vital messages remain front-of-mind and don’t disrupt the workforce. 

More articles

Vibe.fyi Attains Microsoft 365 Certification: Setting New Standards in Digital Signage Security

The Slide Editor is Getting An Upgrade

What Business Leaders Need to Know About Internal Comms