The continuous learning cycle
Analyze – Review & improve in next cycles
We are frequently asked about the Return-on-Investment (ROI) of our security awareness training programs. We identify the impact of enrolled awareness campaign with the use of baseline measurements and reassessments. Also, we know there is no single fixed roadmap for security awareness training that can be carbon-copied onto all organizations. So to set up an effective security awareness campaign, you first need to analyze the current level of security knowledge among your employees.
You will get a clear view of your organization’s security maturity by simply making use of our Information Security Check. The 10 multiple-choice questions match the 10 key principles that are covered in our Introduction Program Information Security. The Information Security Check is easy to use, and you will immediately gain insight into what targeted security awareness training topics apply the most to your organization. In the next phase of the continuous learning cycle, we help you to plan the roll-out of this targeted training.
For baseline measurements on the current state of phishing awareness in your organization, you can also use our BePhished Simulation Tool. It is available as a self-managed SaaS solution and is designed to put you in control, without the IT hassle. Also, you will be able to challenge the resilience of your organization at any time by using our simulated phishing cases, or your own cases. Moreover, the BePhished dashboard provides real-life insights that allow you to locate the weaker spots in your organization. Subsequently, you can respond before vulnerabilities become liabilities by using targeted training.
All our security awareness courses conclude with a self-test. These tests can be made available separately so that you can test the knowledge of your employees beforehand. This allows you to make an informed decision on what training topics you should plan in the next phase.
Plan – Most needed topics are covered first
After identifying what training solutions and topics are needed, we help you plan the roll-out. We rely on the needs analysis and focus on the exposed gap between the current and desired situation. If necessary, specific groups of employees are targeted. Also, the risk heat map that was created during the analyze phase is taken into account, so the most urgent topics are covered first. In the subsequent period, we roll out the next topics in line.
Implement – Learning on the job
Our goal is to integrate learning in employees’ daily work as much as possible. Why; because we believe that you will learn the most while doing your job. That is why our digital learning solutions are available anywhere, anytime and on any device. By providing short training interventions that are part of everyday work, employees no longer have to stop working to participate in security awareness training. In other words: working and learning are integrated.
In this phase of our continuous learning approach, you implement the awareness program as planned in the second phase. Communication is essential. The continuous learning cycle is completed by measuring if all the efforts have had the desired impact. Therefore, you start analyzing again.
Reinforce – Make sure knowledge sticks in the long-term memory
Forgetting is human nature. Your employees do not have to deal with all different security awareness topics on a daily base. To make sure everyone knows what the right way of handling is in various situations, you need to ensure that the acquired knowledge sticks in the long-term memory. Repetition is the key to achieving this, but you cannot just run the same program over and over again. Not only does this take too much precious time, but your employees would also quickly be bored with the material. As a result, it would not exactly help transferring the required knowledge.
Throughout the year, we reinforce the knowledge acquired from previously covered training topics. With the use of short learning bytes in various formats, you can be sure that employees actively apply the learned skills in the moment of need. Reinforcement learning tools such as microlearnings, narrowcasting, and security awareness videos are available for this purpose.