You have carefully selected a training program. Employees are completing the courses. And yet, they are not reporting suspicious emails and their passwords are made up of favorite sports teams and graduation dates. What is missing?
Research shows that implementing training alone, as good as it may be, is not enough. We have learned that the transfer of new knowledge and behaviors on-the-job is dependent upon the work environment itself. This concept boils down to two important considerations: removing obstacles and securing buy-in.
Let’s start with removing obstacles. Put another way, you will increase the success of your security training program if you make it easy for your employees to apply their new skills and knowledge.
If you want employees to report suspicious phish, implement a simple button or forwarding method. If you want employees to change their password every month, force a password reset every 30 days. You will see significant progress in reaching your learning objectives if you facilitate the application of new knowledge and skills!
Now let’s talk about securing buy-in. Do your leaders, from front-line managers all the way up to your senior executives, believe in the security training program? Do they lead by example and coach their team on the importance of the program or are they rolling their eyes at the thought of completing training assignments or changing their passwords? Are they snickering around the water cooler at your latest phishing simulation? Or worse, are they giving their team members a heads up that it is coming?
Scientific research paints a clear picture: what happens before and after training is critical to its success. In fact, manager and peer support ultimately determine the extent to which knowledge and skills are applied on the job (Bell et al., 2017).
Why is that? The organizational climate will either increase or decrease employee motivation to learn and transfer what they have learned. It is critical that your workforce, especially its leadership, believe in the goals and methods of your training program.
Take a step back from your program to consider whether the organizational climate is ripe for its success. If you focus your efforts on removing obstacles to application and developing your leaders into ambassadors of the program, you can rest easy knowing that you are helping to reach a return on your investment in training.
*** This is a Security Bloggers Network syndicated blog from The PhishLabs Blog authored by Kimber Bougan. Read the original post at: https://info.phishlabs.com/blog/improve-training-successes-optimizing-environment