Missed training opportunities
Awareways has examined the learning component in various phishing simulations. By analyzing learning behavior on the landing page, among other factors, we have gained the insight that the learning moment can be optimized.
- Research has shown that 85 percent of visitors close the landing page within 20 seconds. An emotional reaction then impedes the learning moment.
- 35 percent of an organization never clicks during a simulation, representing a significant group of employees with whom we never engage.
Within a phishing simulation, the majority of your employees are not trained. A missed opportunity, isn’t it? Because the employees who do not click can contribute even more to security. For example, reporting phishing attacks and warning the organization.
Teaching this behavior to this group of employees, while at the same time guiding employees who do click through the training in search of basic warning signs, is the unique strength of adaptive learning follow-up.
Changed approach
Awareways adopted a revised approach, an approach in which all employees, regardless of their behavior (clicking or not clicking), receive training.
We distinguish four different behaviors within a simulation:
- Employees click once over multiple rounds
- Employees click multiple times over multiple rounds
- Employees do not click at all over multiple rounds
- Employees click every round
Introduction to adaptive learning follow-up
Regardless of your behavior, you will receive a follow-up email with a communication message (prime) that aligns with your behavior in the round(s). The follow-up email includes:
- a specific behavioral tip;
- a link to a training page and/or;
- a link to a (mandatory) training in our security awareness platform, Wave.
A concrete example:
An organization (5,000 employees) conducts a phishing simulation consisting of 3 rounds.
Round 1 is sent to all 5,000 employees, of which 25% click.
These 1,250 employees land on the knowledge page (training moment 1).
Round 2 is sent to all 5,000 employees, of which 20% click.
These 1,000 employees land on the knowledge page (training moment 2).
After Round 2, all employees receive a follow-up email with a communication message tailored to their behavior in the previous 2 rounds (training moment 3).
After Round 3, all employees again receive a follow-up email with a communication message tailored to their behavior in the previous 3 rounds (training moment 3).
Why is this so effective?
First, you reach and train everyone in the organization.
Also, and more importantly: the learning path aligns in terms of message (prime) and follow-up training with the recipient’s behavior. This increases the likelihood that the recipient is receptive to the message and takes the time to learn further.
Would you like some more information about this effective approach?
Feel free to contact us using the contact form below!