The continuous learning cycle
Analyze – Review & improve in next cycles
We are frequently asked about the Return-on-Investment (ROI) of our security awareness training programs. Using baseline measurements and reassessments, we identify the impact of enrolled awareness campaigns. Also, we know there is no single fixed roadmap for security awareness training that can be carbon-copied onto all organizations. So in order to set up an effective security awareness campaign, you first need to analyze the current level of security knowledge among your employees.
Using our easy to use Information Security Check, you will get a clear view of the security maturity of your organization. The 10 multiple-choice questions match the 10 key principles that are covered in our Introduction Program Information Security. You will gain insight into what targeted security awareness training topics are most urgently required. In the next phase of the continuous learning cycle, we help you to plan the rollout of this targeted training.
For baseline measurements on the current state of phishing awareness in your organization, you can also use our BePhished Simulation Tool. Available as a self-managed SaaS solution, BePhished puts you in control, without the IT hassle. Using our simulated phishing cases or your own, you can challenge the resilience of your organization at any time. The BePhished dashboard provides real-life insights where weaker spots in the organization are located. Using targeted training, you are then able to respond before vulnerabilities become liabilities.
All our security awareness courses conclude with a self-test. These tests can be made available separately, so you can test the knowledge of your employees beforehand. This allows you to make an informed decision on what training topics you should plan in the next phase.
Plan – Most needed topics are covered first
Now we know what training solutions and topics are needed, we help you plan the roll-out. We rely on the needs analysis and focus on the exposed gap between the current and desired situation. If needed, specific groups of employees are targeted. Also the risk heat map that was created during the analyze phase is taken into account, so most urgent topics are covered first. In the subsequent period we roll out the next topics in line.
Implement – Learning on the job
Our goal is to integrate learning in employees’ daily work as much as possible. Why? Because we believe that while doing your job you will learn the most. That is why our digital learning solutions are available anywhere, anytime and on any device. By providing short training interventions that are part of everyday work, employees no longer have to stop working to participate in security awareness training. In other words: working and learning are integrated.
In this phase of our continuous learning approach, you implement the awareness program as planned in the second phase. Communication is key. The continuous learning cycle is completed by measuring if all the efforts have had the desired impact. Therefore you start analyzing again.
Reinforce – Make sure knowledge sticks in the long-term memory
Forgetting is human nature. Your employees are not confronted with all different security awareness topics on a daily base. In order to make sure everyone knows what the right way of handling is in various situations, you need to make sure knowledge sticks in the long-term memory. Repetition is the key to achieving this. But you cannot just run the same program over and over again. Not only would this take too much precious time, your employees would quickly be bored with the material. And that would not exactly help transferring the so needed knowledge.
Throughout the year, we reinforce knowledge about training topics covered before. Using short learning bytes in various formats, you can be sure employees will actively apply the learned skills at the moment of need. Reinforcement learning tools such as microlearnings, narrow casting and security awareness videos are available for this purpose.