What is important
The term “hybrid working” describes the free division of working time between the office and “remote” workplaces – whether at home or at another location of choice. But with the relocation of many work processes, it is not just security precautions that have to be taken. IT security experts should also rethink employee training via conventional awareness training. In a hybrid working world, people and their needs are more important than ever – and therefore flexible learning methods that do justice to this new working reality. This is the only way organizations can protect themselves from the increasing number of social engineering attacks.
More information about the ISX 2021 IT Security Conference
How hybrid working puts IT security to the test
With the switch to flexible working models, the way we go about our daily work has changed forever. To illustrate: A hybrid working team uses a variety of collaboration tools to exchange information and structure their work. To do this, members access content from a variety of locations via various mobile networks. Even IT administrators often no longer work in the office and find it difficult to monitor the hardware and software used.
At the same time, technical measures such as strong endpoint protection only provide limited security, as many cyber criminals are now relying on social engineering tactics. And these are now particularly successful: As the Human Risk Review 2021 shows, phishing is up to three times more successful in remote work than in the office. Conversely, this means that employees are more responsible than ever for protecting their devices from cyber attacks and data misuse. Awareness training that gives them the necessary knowledge is essential at this point. So far, however, the training has often failed to address the new circumstances.
The problem with traditional awareness training
In the “new normal”, a new type of IT security training is necessary. Changes in time schedules mean that knowledge can only be absorbed in small “bites”. Various studies also indicate a connection between hybrid work and increased stress. For employees who are overwhelmed or unsettled by the new working reality, the training courses seem like a tedious and time-consuming obligation that distracts them from their work. The topic of IT security, which many already perceive as dry, is thus losing further appeal and attention in the interplay of these factors.
Organizations should therefore rely on modern and motivating awareness training to counteract this dissatisfaction. Proactive involvement is essential not only in view of the changed working reality, but also in view of the latest developments in cybercrime: Increased ransomware attacks or the popularization of deepfake technologies will put the security of organizations to the test in the coming years. Appropriate training must withstand these dynamic changes – and focus more than ever on the people behind the screens.
What really matters in IT security training
The prerequisite for a positive learning experience is, first of all, that the training is accessible at any time. Most online training courses already allow this. But even with e-learning, the effectiveness should be clearly questioned: Do they manage to sharpen behavior when dealing with cyber risks? Some behavioral psychology findings that significantly improve the structure and design of awareness training:
Incidental learning and nudging: In behavioral psychology, it is assumed that incidental learning improves the success of knowledge acquisition. This means that learning works best casually and “on the spot where the action is taking place.” In addition to immersive and interactive learning modules that take up realistic scenarios, phishing simulations are a good option. This sensitizes employees regardless of time and place. Instead, they are made aware of the issue of cyber security based on the situation and learn how they should behave in an emergency – even if they are not in the office.
Gamification and variety: Blindly reading out rules or going through similar exercises over and over again – such approaches demotivate employees. Instead, varied approaches to the content are offered that anchor what has been learned in the long term. These include videos, storytelling and playful units, so-called gamification elements. An interactive transfer of knowledge and behavior ensures that employees enjoy learning and recognize how important IT security is in their everyday lives. This strengthens the security culture in the organization in the long term.
Micro learning: Long mandatory training courses tick compliance boxes. However, it is more effective to integrate smaller chunks of knowledge into everyday life and repeat them over and over again. Time is also a decisive factor – also when it comes to whether employees want to deal with IT security training in the first place. This is why awareness training should be kept as easy to digest and short as possible, especially in a hybrid work model. This means that it can also be integrated into stressful or fragmented working days, and employees can use free minutes for learning units even on tightly scheduled days.
Cyber Security Awareness Must Keep Up With the Times
Employees’ demands have recently changed rapidly. They want relevant learning content that is presented in an exciting way and can be easily integrated into their everyday work. IT security managers should therefore take a close look at their awareness training and evaluate whether it meets these requirements.