By Perry Carpenter
Savvy business leaders recognize the role employees play in helping to keep systems and data secure. Studies such as Verizon’s Data Breach Investigation Report (DBIR) continually find that the overwhelming majority of data breaches can be traced back to human-related issues. Organizations cannot afford to place blind trust in technology-based security controls and ignoring the importance of the human element. That approach clearly hasn’t worked. Employees – humans – are a critical layer in your security stack. Ignore them at your peril.
So how can you develop a human-centric program geared to protect employee, customer, and company data in ways that are relevant and engaging?
The stakes couldn’t be higher. Data security is governed by legal and regulatory requirements that, if not followed, could lead to legal fees, stiff fines, and reputational loss.
Let’s face it. Training videos and communication materials are often almost unwatchable and unreadable for employees, whose attention spans are increasingly short. That’s doubly true when those training videos are around data security and privacy issues. Yawn.
Drawing employees into corporate education programs requires a mix of marketing, storytelling, and engaging content. By promoting training as an entertaining and appealing series (“edutainment”), management can motivate employees to actively participate—and to learn something in the process.
How? By blending entertainment and education to attract—and keep—employee attention while boosting the odds that they’ll take away vital information from these interactions.
Here we look at specific tips for doing just that.
Tell a Story
We all like stories, so taking a storytelling approach with your data security communication efforts can boost engagement in meaningful ways. For instance, develop narratives or scenarios that revolve around data security incidents—real or simply illustrative. Or present challenges in the form of stories that employees are invited to “solve.” This helps to make the content more relatable.
In your stories, incorporate humor, compelling characters, and relatable situations to capture employees’ attention and create emotional connections. This will help to make the content memorable.
Focus on Human Impact
Too often corporate training is focused on the company rather than the people in the company. Highlighting the personal and individual consequences of data security breaches can help make the information relevant and relatable to people. Incorporate information that also helps them deal with data security issues in their personal lives. We are all impacted by data security risks.
Seek to Engage While Entertaining
What are your employees most interested in? What’s most likely to capture their attention? If you don’t know, ask. Gather insights from employees to identify their current concerns and interests and integrate those into the content.
Consider how you could leverage their personal interests in your storytelling approach. For instance, if you have a large base of avid football fans, how might a Super Bowl-themed story or challenge related to data security help capture their interest?
Ensure accuracy while entertaining: learning outcomes need to take center stage in your communication efforts, of course. Strive to provide accurate information about cybersecurity and employees’ roles in helping to protect systems and data, while integrating some fun into the delivery of the content.
Show Realistic Consequences
Good stories have a protagonist (in this case, the employees), an antagonist (cybercriminals), and some tension that leads to a climax in the plotline. Use these elements to create content that entertains while also illustrating the tangible outcomes and repercussions of poor data security practices, like the potential damage to personal and professional relationships.
Don’t just focus on abstract or financial consequences. Emphasize human connections and impacts.
Develop Familiar Characters
Create recurring characters in your education materials to build familiarity and emotional connections with employees. Use these characters to deliver data security messages, to showcase improvements, and to provide relatable examples of best practices.
Use Shorter, Engaging Formats
Attention spans are short. Consider producing shorter content pieces, like 60-second videos, commercials, or quick-hit episodes, to deliver specific data security concepts.
Incorporate Entertainment Elements
In your communication materials, use the power of humor, creativity, and entertainment to make learning about data security enjoyable and memorable. Incorporate elements like animation, music, and interactivity to enhance engagement and boost retention of key security best practices.
Blending entertainment and education requires a thoughtful approach that strikes a balance between engaging storytelling and delivering accurate and useful information. By implementing these tips for blending education and entertainment, you can more effectively engage employees in data security-related training while promoting a culture of awareness and best practices.
About the Author
Perry Carpenter is co-author of the recently published, “The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer.” [2022, Wiley] His second Wiley book publication on the subject. He is chief evangelist and security officer for KnowBe4, developer of security awareness training and simulated phishing platforms, with 60,000 customers and more than 45 million users.