Education

Engagement through entertainment is the path to getting staff to buy into cybersecurity measures, experts say

‘I believe we’re living through an epidemic of boringness,’ one cybersecurity expert tells the RSA Conference.
article cover

Unsplash

ByEoin Higgins

less than 3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

When you need to get your team on board with new security rules, one of the best techniques is to make them fun—or at least entertaining.

That was the message from Amazon Security Director Jenny Brinkley and National Cybersecurity Alliance Executive Director Lisa Plaggemier during a presentation at the RSA Conference in San Francisco this April. Training has to catch people’s attention, but, “I believe we’re living through an epidemic of boringness,” Plaggemier said.

Caring is softwaring. On April 25, Brinkley and Plaggemier told the packed crowd at the Moscone Center about techniques and tricks to spur buy-in for cybersecurity preparedness at the staffer level.

Of primary importance? An emotional appeal. Without that, staffers will go through the motions, at best, rather than taking in the information and seeing it as a call-to-action.

You can’t force people to care, Plaggemier said, but you can use tactics to get staff to respond positively to training. “Deliver it through humor,” Brinkley advised.

“If you’re not responsible for trainings within your own business, have conversations with the teams that are—getting people bought into the vision [about] the way things can evolve and change,” she added.

Open channels. Cybersecurity training is of particular importance because of how much damage can be done if people don’t take basic steps to protect their company’s information. That’s hard to do when the audience is checked out.

The problem of how to get information across to a workforce that’s not predisposed to excitement about cybersecurity is sticky. Mike Hanley, CSO for GitHub, told IT Brew at RSA that he believes in first things first—consistent communication can help get the message across.

Let employees know ahead of time, send them reminders, and give them options for logging in to the training, Hanley suggested. “Communication, socializing it so that it’s not a surprise, is really big,” he said. —EH

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

I
B