Month: September 2024

Keeping Security Awareness Engaging

Employee engaged in cybersecurity on his computer

There is no ‘one size fits all’ approach to Security Awareness. Since people are involved, it remains an ongoing challenge, but a worthy one. Not everyone is alike or cares about the same things, so it takes a multi-pronged, concerted effort, and a commitment to the journey to keep the program Engaging, Relevant, and Sustainable.

Part 1 of this series: Keeping Security Awareness Engaging.

Let’s start with a big picture reminder of the Cybersecurity Awareness Program journey.

Notice that I’m calling this a PROGRAM… not a project. There is a difference. This journey has no foreseeable end but has a meaningful impact on the organization. It takes effort, considered thought, and a willingness to adjust as things change to keep the PROGRAM vibrant and meaningful.

Now let’s get into some practical ways to keep your PROGRAM Engaging.

Practical Ways to Keep Your Program Engaging:

  • Engage THEM (the people in your organization). It seems like a simple start, but don’t assume you know what matters to them or what they are facing. In the words of Stephen Covey, ‘Seek first to understand, then to be understood.’ Here are some practical ways to engage the people in your organization:
    • Engage each group and role in the organization. 
    • LISTEN with the intent to understand the issues each group faces and what matters to them.
    • Meet them where they are by joining or being a part of existing groups and meetings. Don’t make them come to you. 
    • If you are not allowed to join some meetings, engage the leaders of each group to ASK them for information. Perhaps they may also be willing to convey questions or issues to the group and bring back feedback to you. 
    • Gather lessons learned, explanations, and opinions from people. Examples of feedback from staff at an organization:
      • Keep it short (less than 15 minutes). 
      • We don’t read more than the first line or so of a paragraph (so adjust your communications accordingly).
    • Educate your team to also LISTEN differently to information from people in the organization.
      • Example: a Helpdesk staff made note and complained that someone asked them about a Gmail security question. When in fact, THIS IS GOOD. It means the caller was asking about Security hygiene issue and best practices. This was a teaching moment for the Helpdesk staff.
  • Start from a place of trust
    • The goal is NOT to catch people doing wrong. Don’t set traps and weaponize the results.
    • Always convey that the goal of the program is to raise people’s security awareness and acumen …not send them to detention. If people think you are out to catch them making mistakes …they will stop listening.
    • Your users want to do the right thing. Ask yourself, “how can you help?”
    • Learn how to tell a negative story about your organization in a positive way.
      • Things happen. Be open and transparent when addressing issues that the organization experiences.
      • How you respond to an incident carries a lot of weight both inside and outside the organization.
      • Reuse and leverage the story to promote good security best practices.
  • Delivery / Engagement Tips:
    • Keep regular messaging short, concise, and consistent.
    • Remember the “Rule of 5-7” – people need to hear something 5-7 times before they realize they should pay attention. There’s more than just one way of communicating. Email is not your only avenue.
    • Keep the messages immersive, but not disruptive – meaning get to the point and move on. People need to know three things: why they should care, what they need to know, and what they need to do. 
    • Think “Yes, AND …” there is no “one size fits all” approach. 
    • Equip Leadership – Help Leadership be successful in supporting Security Awareness by giving them talking points, notifying them of Security Awareness activities ahead of time, etc.
    • Always look for creative ideas. Don’t think it all rests on your creativity.
      • Crowd source from your organization.
      • Ask peers.
      • Leverage industry groups.
      • Don’t be afraid to ask for help (Marketing Department, trusted business partners, etc.).
    • Some Additional Ideas to keep people engaged:
      • Drawings / raffles
      • Steady flow of practical tips for home and personal security
      • Make it a part of the organization’s HR review process
      • Tie it to the organization’s and individual’s ethical behavior

Next in the series will be Part 2: Keeping Security Awareness Relevant followed by Part 3: Keeping Security Awareness Sustainable. If you need help getting your security awareness efforts off the ground or achieving all three of the above-mentioned goals with your security awareness program, we’re here to help.

About the Author

Kenny Leckie

Alterity | Senior Technology & Change Management Consultant

In his role as Senior Technology and Change Management Consultant, Kenny provides thought leadership and consulting to the community in areas of information security/cybersecurity awareness, change management, user adoption, adult learning, employee engagement, professional development, and business strategy. He also works with clients to develop and deploy customized programs with an emphasis on user adoption and increased return on investment. Kenny is a Prosci
Certified Change Practitioner, a Certified Technical Trainer and has earned the trust of organizations across the US, Canada, The UK, Europe and Australia.

Kenny has more than thirty years of combined experience as a Chief Information Officer, Manager of Support & Training, and now a consultant, providing him a unique point of view and understanding of the challenges of introducing change in organizations. He combines his years of experience with a strategic approach to help clients implement programs that allows focus on the business while minimizing risk to confidential, protected, and sensitive information. Kenny is an author and speaker and a winner of ILTA’s 2018 Innovative Consultant of the Year.

AI Adoption Challenges for Organizations

The business world is experiencing profound transformation, driven by tools like Microsoft Copilot and custom GPTs. These tools promise the moon with enhanced efficiency, streamlined workflows, and improved client service. However, for many organizations, adopting these technologies presents a series of challenges that prevent them from realizing their full benefits. 

Common Challenges

1. Resistance to Change

Organizations often resist adopting new technology due to unfamiliarity, skepticism about their effectiveness, or concerns about disrupting established practices. Overcoming this resistance requires addressing these concerns head-on and demonstrating the tangible benefits of AI tools.

2. Lack of Time and Patience

Some team members may lack the time and patience needed to test and try prompts. This can lead to frustration and underuse of AI technologies. Targeted, hands-on, instructor-led training with relevant use cases is essential to build the skills needed to use AI confidently and effectively.

3. Data Privacy and Security Concerns

Team members handle sensitive client information and must ensure that AI tools comply with stringent data protection regulations. Concerns about data security and privacy are paramount, and any AI tool used must adhere to the highest standards of confidentiality and protection.

4. Uncertainty About ROI

Organizations may be hesitant to invest in AI tools without a clear understanding of the return on investment (ROI). Measuring the impact and value of these tools is crucial to justify their cost and demonstrate their benefits to stakeholders.

How Alterity Can Help

Customized Training Programs

Organizations may be hesitant to invest in AI tools without a clear understanding of the return on investment (ROI). Measuring the impact and value of these tools is crucial to justifying their cost and demonstrating their benefits to stakeholders.

Change Management Strategies

Successful AI adoption involves more than just technical implementation; it requires managing cultural and organizational change. Our change management strategies help organizations overcome resistance and foster a culture of innovation, ensuring a smooth transition to new technologies.

Data Privacy and Security Awareness Training

Protecting sensitive client information is a top priority. We offer guidance on best practices for maintaining data privacy and security while using AI tools, ensuring compliance with relevant regulations and standards.

ROI Assessment and Justification

Understanding the ROI of AI tools is essential for making informed decisions. We help organizations evaluate the impact of these tools, develop metrics to measure success and provide justification for their continued use.

Conclusion

The successful adoption of AI tools like Copilot or custom GPTs can significantly enhance efficiency and client service — but you must overcome the challenges to realize their potential. At Alterity, we support organizations through every step of the adoption process, from change management to training to security awareness and measurement.

Ready to take the next step in AI adoption? Contact us today to learn how Alterity can help you navigate these challenges and harness the power of AI tools in your organization.

Transform Your Learning Experience with Managed Learning Services

In the fast-paced world of business, managing effective onboarding and continuous learning can be challenging. With ever-evolving business technologies and increasing client demands, it’s crucial to have a robust learning strategy in place. Managed Learning Services offers the solution you need to overcome these challenges and elevate your organization’s learning experience.

Enhance Your Onboarding Process

Managed Learning Services offers a streamlined, effective onboarding experience tailored to meet the unique needs of your new hires. By providing customized learning paths and role-specific training, we ensure that each new team member is equipped with the knowledge and skills they need to succeed from day one. This personalized approach not only improves new hire productivity but also boosts their confidence and engagement.

Foster a Culture of Continuous Learning

Beyond onboarding, Managed Learning Services is designed to embed a culture of continuous learning within your organization. Our comprehensive suite of tools and resources supports ongoing development, keeping your team engaged and up to date with the latest industry trends and skills. Whether through self-paced modules, virtual instructor-led sessions, or on-demand resources, Managed Learning Services adapts to your organizational needs and learning preferences.

Why Choose Managed Learning Services?
  • Comprehensive and Tailored Solutions: From onboarding to continuous development, Managed Learning Services offers tailored solutions that meet the specific needs of your organization.

  • Scalable and Adaptable: Managed Learning Services can grow and evolve with your organization, ensuring that your learning strategies remain relevant and effective over time. We utilize detailed analytics and reporting to track progress and measure the effectiveness of your learning programs.

  • Engaging and Interactive Content: Our learning materials are designed to be engaging and interactive, ensuring better retention and application of knowledge.

  • Client-Focused Approach: Managed Learning Services is designed with your organization’s unique challenges and objectives in mind, ensuring relevant and impactful learning experiences.
“A comprehensive approach to technology training is the key to user adoption. This service model will bring content, trainers, a modernized platform, and learning strategies to provide a well-rounded solution.”
– Managed Learning Services Client

Many organizations have already transformed their learning and development strategies with Managed Learning Services. To learn more about how Managed Learning Services can benefit your organization, visit our Managed Learning Services page or contact us today.