Your Cybersecurity Training Sucks

By ksesock@omag.org

Elevator Pitch

Scared straight doesn’t work! Still walking your users through how to create a password? STOP! Start teaching your users how to use their Apple iPhone or Android built-in password managers, leaked password tools, and tap-to-pay, and gamify security to create a security culture in your organization.

Description

As security trainers, it’s time to stop using the stick and go for the carrot. We have consistently failed to reach our users with the same old tired cybersecurity awareness training. Even the “don’t click” quizzes don’t stick.

Personally, I’ve tried everything to get users to care, and what I’ve found is this:

Apple and Google have spent millions of dollars and thousands of programmer-hours to hack human behavior and put a device in everybody’s pocket that can be used to properly secure their lives and protect their privacy. Now we as security experts have to get them to turn these damned features on and start using one-time passwords, encrypted tap-to-pay, and soon, FIDO2 passwordless logins. I’ve started putting talks together that connect with individuals, demystifying the scary Big Brother spooky government stuff around fingerprint recognition and facial ID, and actually asking people to take out their phones during a talk. Show them screenshots, and walk them through turning the features on. Have them do it while you’re in the room. It’s real tech tips and training, not just “awareness” they’ll forget in an hour.

We’ll cover everything. Quit threatening your users if they fail a phishing test; give them a candy bar when they report a phish! Turn security into a game and build it into your culture. Stop letting your cybersecurity awareness training suck!