In a world where over 90% of security breaches involve a phishing element, a company’s employees become the weakest link but also the greatest asset in security. Technical tools can only be so successful, and it’s up to your employees to recognize the threat. Security awareness training can help.
But how do you teach them? Our work days are busier than ever, with meetings, appointments, projects, and customers to help. Long (and boring) training sessions and meetings just don’t get the job done in security awareness.
We use the term “awareness” because there’s nothing proactive about avoiding a phishing email. Success comes from being aware of the threat, and creating habits to avoid falling prey to an attack.
Enter the Idea of “Edutainment”
At Hook Security we’ve found that when employees are shown short, funny, but educational content, they are much more likely to retain the information.
Before diving further into edutainment, let’s glance at the alternative: fear.
Fear-based security awareness training invokes other workplace fears, such as embarrassment, fear of firing, and even financial fears. And when the goal is to create a positive, security-aware culture, fear and negativity kill that.
Additionally, alternative methods of training tend to give tons of “new tasks” to the employee, such as changing passwords all the time, and when employees have tons of things to watch for, combined with fear and stress, they tend to just, well, do none of it.
So What is Edutainment?
Edutainment is an incredibly clever combination of the words “Education” and “Entertainment”. At Hook Security it refers to how we provide point-of-infraction (POI) training to employees. When an employee clicks on one of our simulated phishing emails, they see something like this:
Our entire company is built on this idea of providing an entertaining way to train your employees to spot a phish. We do this for two big reasons:
It Doesn’t Ruin Their Productivity for the Day
When an employee fails a phishing test, they watch a short video that explains what they should have looked for to avoid clicking on the phishing email, while keeping it lighthearted and funny. They learn, make a mental note for the future, have a chuckle, and go back to work.
It Contributes to the Overall Security-Aware Culture of Your Company
Employees shouldn’t feel as though their job is on the line with every email they get. Fear of management leads to silence, and sweeping things under the rug. This is why CEO fraud is so successful. Hackers exploit employees’ fear of their boss by imitating him or her to steal money.
Why We Use Edutainment
From our marketing videos down to the product itself, we apply an edutainment factor to everything.
Exhibit A: Our “about us” video is done in the style of one of those weird 80s dating VHS tapes:
Silliness aside, the reason we’ve doubled down on entertainment for our training videos is that, well, they’re simply more effective. We’ve found that applying entertainment to education:
- Enhances creativity
- Encourages collaboration
- Keeps people more engaged
- Increases retention of information
These benefits correlate directly with a healthy security-aware culture.
Which contributes to overall company culture.
Which means more productivity.
And more profit.
So, why is our awareness training so effective?
Because cybersecurity is too important to take seriously.