7 tips for better security awareness training sessions

If your idea of security awareness training is a once-a-year marathon PowerPoint session, you’re doing it wrong.

Boring training sessions?
Credit: Thinkstock

At their worst, security awareness training sessions are boring wastes of time, both for employees and the IT people responsible for them. At their best, however, they are interactive, discussion-driven, and genuinely helpful opportunities to raise security issues and lay the groundwork for better habits.

How do you steer your own training sessions closer to the latter? Barkly lists seven straightforward tips that can help.

Keep training sessions small

You’re not Steve Jobs. So drop those dreams of delivering an inspiring company-wide keynote and focus on providing smaller sessions geared to particular groups of users, instead. Not only will they be easier to manage, you’ll be able to customize your material to make it much more relevant.

Keep sessions short

Not only do employees have short attention spans, they also have jobs to do. Be mindful of their time and keep sessions concise. Avoid presenting for longer than 15 to 20 minutes, and try not to get bogged down in details or go off on tangents. You can always follow up one-on-one with individuals who have detailed questions after the session.

Stay focused

Security is a big subject. Don’t overwhelm people by trying to cover too much at once. Instead, zoom in on one particular policy or threat that has the most direct relevance to their day-to-day work. Head into the session with one primary question or topic you’re going to cover and one clear takeaway or next step.

Make training a regular thing

Not only do once-a-year sessions result in 364 days where employees aren’t thinking about security, they also perpetuate the misconception that security isn’t a top priority or part of everyday work. Scheduling regular training sessions relieves the pressure to cover everything at once, allowing you to drill deeper into specific relevant topics and build off the previous session’s takeaways.

Keep your material fresh

The only thing worse than a boring training session is a boring training session you’ve already sat through before. If you’re repurposing older training session materials, be sure to update your stats and replace any outdated examples. Including current references will help your session feel more timely instead of stale.

Make it actionable

Rather than pack a session full of FYIs, make employees active participants by giving them a task to do. Whether it’s asking them to change a setting or walk through the steps for reporting a sample suspicious email, having them actually do something will make it much more likely your information will stick.

Get executives involved, too

Training isn’t just for rank-and-file employees. You should design a session specifically for management, too. After all, executives are extremely popular targets for spear phishing and other cyber attacks. If they’re skeptical or think they’re too busy, just remind them of how damaging it could be if a hacker gained access to their credentials and permissions.
