Employees are more likely to benefit from cybersecurity trainings with rewards, rather than those that reprimand them, reports The Wall Street Journal.
The fear-mongering techniques some companies have deployed to train their employees are often unsuccessful — employees still use weak passwords or click on suspicious links. What's more, these tactics send employees the wrong message about cybersecurity.
"Ask a young colleague to do word association," Amadeus Stevenson, chief technology officer of Decoded, said at a recent conference in New York City, according to WSJ. "When you say dog, they say cat. But when you say cybersecurity, they will say, 'I'm sorry I clicked that email, please don't send me to cybersecurity training.' They're terrified."
Security experts recommend treating cybersecurity training like a contest by using games with rewards and prizes. This approach encourages employees to feel more comfortable.
One example of a training protocol that applies positive reinforcement comes from Facebook, which hosts a "Hacktober" event each October, National Cybersecurity Awareness Month. During the monthlong event, the company tests employees with fake phishing attacks, spam campaigns and other threats, through which employees can win prizes. Betsy Bevilacqua, Facebook's head of security programs and operations, says it has seen "high engagement rates" and "a lot of positive feedback," according to WSJ.
Click here to read the full article.
More articles on cybersecurity:
Federal government to host IT, cybersecurity hiring event
FTC investigates Equifax hack, Dems introduce data breach bill
42.4% of Americans willing to give up alcohol to ensure cybersecurity