March 24th, 2022

Managed Security Awareness Training: from awareness to behavioral change

Security Awareness is the foundation for information security, but a meaningful and lasting culture change is the goal. That requires an investment in time, money and knowledge, and a management that leads by example. Information security is not a choice, or something you add merely as an option to staff training. It is one of the foundations of responsible entrepreneurship, and the most important part of personnel management that a company can invest in.

Awareways specializes in addressing information security culture through managed security awareness training: guided learning includes support, monitoring and adjusting in order to achieve measurable results with respect to behavior change. We’d like to talk to you some more about a number of our interactive training platforms, in which we facilitate actual culture change in your organization through practical support and stimulating gamification.

Awareness statistics

In a Forrester survey, 3 out of 10 security decision makers indicated that a lack of visibility and influence was one of their biggest security challenges in 2020. Or rather, “only” 3, as previous reports spoke of well over 5 out of 10.

That is a positive development, but it is important not to confuse an increased visibility or indeed awareness with lasting behavioral change that actually reduces the risks and (cyber) threats to organizations.

Indeed, in many cases, that increased information security visibility is a result of high-profile news about hacks, digital intrusions and data breaches, as the number of hacks and data thefts involving the theft of personal data has significantly increased over the last year.

Short-term solutions

In addition, increased visibility is also a clear result of compliance and other security obligations. And even when security teams are proactive about training, completing it is often an end in itself, without attention to actual and structural behavioral influence over the longer term.

Despite the fact that standards such as ISO 27001 and the BIO have required security awareness and training to be part of a security program for years, this has not led to the desired results. Passwords are still written down in notebooks, phishing remains successful and unsafe behavior online is by no means banished.

Traditional campaigns and training help you to pass awareness tests, but information awareness without attention to the organizational culture only provides a fleeting solution. One that is also not tailored to the day-to-day risks, because an understanding of those actual threats is not part of the approach. Such risk mitigation is not a pathway to effective behavior change. Enter Awareways.

Awareness and behavior: on paper

Awareness is the degree to which people recognize risks and are aware that they may compromise the security of information. It deals with the basics, such as what data do we process every day, how vulnerable and valuable is it – and (how) can we handle it more carefully?

Information awareness is more difficult to define in practice. Yes, you can map out what happens in the office, and what knowledge is present. Are passwords handled with care? Do we use the right software when sharing information? How susceptible are employees to phishing tactics? But what are the factors that make up ‘information awareness’? And what does an investment in increasing it yield in terms of actual behavioral change? A high level of information awareness does not guarantee an actual effect – awareness does not equal behavior!

That’s why Awareways conducts ongoing research into awareness and behavioral change.

Research and application

In collaboration with Utrecht University, the concept of information awareness was operationalized; made measurable. From a behavioral model several variables have been mapped, such as knowledge (‘what do I know – or think I know – about a subject?’), attitude (‘where do I stand on this issue?’), and social norm (‘what does my environment expect, what are my colleagues doing?’).

That measuring tool was then made part of our training programs and e-learning tools, in which we combine our expertise in the fields of didactics, psychology, gamification and communication. Awareways specializes in addressing information security culture through managed security awareness training. We are convinced that our interactive learning platforms and our supporting approach of monitoring and dynamic adjustment are a success factor in facilitating behavioral change.

Awareness Culture Scan

Information is power. The more insight you have into the level of information awareness of your employees, the more sharply we can focus the awareness program. Our Culture Scan (or baseline measurement) is a proven method for measuring, analyzing and increasing information awareness. At the same time, it challenges employees to reflect on their own knowledge level and behavior, turning it into an intervention in and of itself.

The outcome gives your organization concrete action points, as the scan maps out the degree of information awareness. The research provides concrete results, such as:

  • The current state of information awareness;
  • Insight into cultural aspects, including the social norm, relevance and behavior;
  • Practical focus areas for a security awareness follow-up program.

Human Firewall Training

Looking for a tool that goes beyond e-learning? A training platform that, thanks to stimulating gamification, really carries knowledge over and offers participants the challenge of growing through visible improvements? Then our innovative training courses are just the thing for your organization. We have several interactive platforms at our disposal, available in several languages.

An Awareways Security Awareness Training is not a stand-alone product that ships aimlessly for the recipient to tick his compliance boxes. It is implemented with support, monitoring and dynamic adjustment included, in order to achieve measurable results with respect to meaningful, lasting behavior change.

In the Human Firewall program we take the challenge to a new level, as we collaborate to build your employee-powered security services. Thanks to stimulating gamification and organization-specific storytelling, we make the security of your organization a collective effort. Ideal for BIO or ISO 27001. Let’s level up!

Security & Privacy Challenges

For the Security & Privacy Challenges, we’ve made our innovative awareness training platform even more interactive, as each employee’s trajectory depends on the answers given. We help organizations to become immune to (cyber) threats. We do this by challenging your employees with scenarios that reflect their actual work situations and information facilities.

We take the custom-fit part of our awareness programs very seriously. The recognizability of the situations within the context of your organization plays a major role, but we extend that customization to every level. The platform is therefore not only designed to reflect the identity of your organization, but also tailored per target group, per theme, and per learning objective. The progress is even linked to the personal knowledge level, because the course per participant depends on the answers given.

This dynamic cause-and-effect interaction with the individual employee is unique to this tool.

Contact us for more information and references