Removing the Pain of Training
One of the most difficult tasks associated with delivering Security Awareness Training often comes as a surprise to admins.
Administering the training, troubleshooting deliverability and tracking performance can take a lot of time with a manual platform, but they are relatively easy compared to this.
The hardest task?
Ensuring that users remain engaged with training, complete it regularly and react positively to remediation, when necessary.
The key to keeping users engaged in training and remediation is removing friction.
INFIMA does this with courses that are easy to access - no passwords needed! - and quick to complete. Plus, we avoid video content that risks allowing users to “switch off” mentally to pass the time.
INFIMA’s bite-sized, text-based training modules are optimized for engagement and retention. The short quiz at the end of training ensures that users are paying attention to the key takeaways and absorbing them.
This approach came out of our team’s university research on behavioral approaches to failure remediation. We did this work with professors across Psychology and Cybersecurity and focused on determining the most effective ways to eliminate unsafe behaviors.
We've implemented those research discoveries in your Training and Phishing program.
As you're already aware, remediation is tough to balance. If your program is too lenient on failures, training isn’t taken seriously. If the punishment for failure is overly harsh, users begin to fear training more than the real attacks - turning it into nothing more than a box to be checked.
Neither of these attitudes is conducive to effective training.
Effective training requires retention so that key lessons drive safe behaviors when a threat arises.
Based on the team's research findings, INFIMA developed a two-step approach to failure remediation, drawing attention to failures while reinforcing safe behaviors.
On clicking a link in an INFIMA phishing simulation, users are immediately shown a notification telling them that they have been phished.
While this notice isn’t threatening, most users can’t close that window fast enough! (it’s the truth…) When you land on a page you’re not expecting, it’s a shock.
There is an emotional response to a failed Phishing test, and we take that into account.
To educate the user on the behavior that led to their mistake, INFIMA follows up with an email the next morning, too. This follow up is the key to cementing remediation.
Once the emotional response to the failure has passed, users are more receptive to feedback.
INFIMA’s first step is to reassure the user - after all, they failed a simulation, and no harm is done. Training should empower your team to recognize threats, not make them feel terrible for making a mistake!
Let’s not forget, we would happily see users failing every phish test if it means they react properly to a genuine phishing attempt!
Your users’ remedial update includes details on the email that fooled them and delivers an “arm around the shoulder” experience to failure. You keep users engaged with the training and still reinforce their vulnerability. This reminder serves to make them more aware of the dangers and improves your security going forward.
This increased awareness is proven as phishing click-rates decline over time.
On top of all this, users who click on phishing messages are given additional training opportunities - without a single button click from you!
INFIMA’s multi-faceted (and fully automated) approach achieves highly effective security awareness training across your organization, without resorting to punitive measures and constant badgering.
To learn more about how INFIMA’s industry-leading Partner Program, click here to chat with us!
On that call, we’ll share how you can easily deliver effective Security Awareness Training, without investing dozens of labor hours into program setup and management.