Information security training doesn’t seem to stick. No matter how hard we try to educate end users about clicking on suspicious links, they do it anyway—sometimes right after walking out of the training classroom. One study showed that more than 40 percent of breaches are the result of employee negligence.

Clearly, while there are things you can do to protect against insider threats, convincing employees that information security is part of their job remains a major challenge.

Incorporate Reminders Into Your Environment

One approach to keeping employees aware of information security is to make sure the message isn’t limited to the classroom. We recommend having posters throughout your facility to deliver the “Think before clicking” message in memorable ways. Posters can incorporate movie themes like a Jaws poster for ransomware with the message “Don’t be a victim” or a Back to the Future reminder that “Once you click, you can’t go back.”

Share Suspicious Emails

Your training should encourage users to check with security to determine if a suspicious message is legitimate or not, and you can publicize those messages to the rest of your employees. Some scam messages, like the recent ones requesting a payment to prevent release of embarrassing video captured by webcams, lend themselves to humorous treatment, too.

Test Your Employees

The same way surprise fire drills are the best way to know if your safety plan really works, surprise security tests can let you know if your security training works and keep employees on their toes. Tests that send simulated phishing emails let you identify employees who may need some remedial training.

Play Games With Your Employees

While security testing can lead to punishing employees who respond inappropriately to test messages, if you believe the carrots are more effective than sticks, consider gamification of your security awareness. With gamification, employees are encouraged to remain security aware through earning points and skill titles, and have their accomplishments publicized through leaderboards. Friendly competition and small rewards can be great motivators for keeping employees not just aware but active in guarding against information security threats.

Whichever approach you choose, the most important thing to remember is that information security training is an ongoing process. Cyberthreats are continually evolving, and because there’s always a lag between the identification of a threat and the development and deployment of a technological fix, employees will always be on the front lines of protecting your confidential business information.

The IT consultants and managed services teams at Prescient Solutions work with our clients in Chicago and Schaumburg to develop comprehensive information security strategies that protect networks, applications, and data from internal and external threats. Contact us to learn more about the technology and training we offer to keep your data safe.