Two Sides of User Education
-
InfoWorld looks at the Two Sides of User Education. Is educating users really worth the investment?
-
I think it is very much worth it. At my last job, we taught users how to actually use technology to improve their job, instead of just do their job and go home. We taught them how to now click on every link and attachment in emails (and Lord, knows, some of them still did it).
But even now that I've been gone a year, I still hear reports from my guys on the inside that this phishing attack has been shot down, or that virus never made it in... All because we spent time training users en masse, as well as one-on-one.
-
The last 2 lines of the article say it all for me
"User education will not prevent every attack. But it will prevent some while we’re waiting for those perfect defenses to arrive."
-
I love the idea of user education, but the expense is enormous! Currently my employer does not believe the ROI to be worthwhile.
-
@Dashrender said:
I love the idea of user education, but the expense is enormous! Currently my employer does not believe the ROI to be worthwhile.
I wonder if it needs to be enormous. What causes it to cost so much? I suppose, since we are trying to teach common sense, there is no cost that would really do it.
-
@scottalanmiller said:
I wonder if it needs to be enormous. What causes it to cost so much? I suppose, since we are trying to teach common sense, there is no cost that would really do it.
How much does 8 hours of training cost? What's the hourly rate for a good trainer?
-
@Breffni-Potter said:
How much does 8 hours of training cost? What's the hourly rate for a good trainer?
Do you need a good trainer and eight hours?
KnowBe4 does video training for much less than the cost of a trainer.
Firms that I know that are super sensitive to security don't use classes and trainers but do continuous, low cost, short time span training of maybe ten to fifteen minutes here and there. Eight hours, all at once, is not a good way to train anyone on anything. You don't retain it and your mentally disconnect the training from real life.
-
Not 8 hours all at once.
8 hours over 4 weeks. And the knowbe4 content is still pricey for what are just recorded videos.
-
I agree, 8 hours at a wack is not a good way to train, especially for something they probably don't care about anyhow.
My users for example could care less about security - lock my computer when I step away, are you freaking kidding me? I walk away 100+ times a day! If it takes me 3 seconds every time I walk away, that adds like wait while they figure it out like 300 seconds, wait for them to convert to mins like 5 extra mins to my day. Who has time for that?!
These are the kinds of things that are difficult to overcome.
-
@Breffni-Potter said:
Not 8 hours all at once.
8 hours over 4 weeks. And the knowbe4 content is still pricey for what are just recorded videos.
Agreed - the value is there but when you've been spending nothing and now need to look at spending a few hundred a year more per employee plus the time they spend watching those videos (god forbid they do it at home on their own time).
-
@Breffni-Potter said:
Not 8 hours all at once.
8 hours over 4 weeks. And the knowbe4 content is still pricey for what are just recorded videos.
True, but cheap compared to a professor / trainer and very well made.
-
For UE you need to find the IT staff member who was in drama class or local theatre or law school - anything where engaging public speaking is practised. Especially in larger companies you can find a really deep pool of talent at this sort of thing.
Then, ROI is much larger - get that employee to do lunch & learns, after hours classes, whatever. Get mgmt to buy in and offer food / incentives.
1/100th the cost of hiring an external company, the material is INCREDIBLY well tailored to your environment and the "teacher" is always around.
