When faced with a security awareness program, it’s very common for security managers to ask the following question: What’s the best time for my users to view awareness and training content?
While there are several valid answers, today we’ll analyze one that might seem a little unconventional at first glance: “The best time to do it is when learning a particular topic or idea is easiest for the user.”
This answer may sound pretty obvious but also hard to put into practice… How do we know when that time is for each user?
The Perfect Moment
The idea behind this comes from the concept of “Teachable Moments” (or “Momentos Educativos” in Spanish). This concept became popular in the field of education in 1952 with the publication of Robert Havighurst’s book, “Human Development and Education.”
Robert explains in his book that a person can only learn a particular concept when the timing is right. This moment is known as a “Teachable Moment.” According to him, unless it’s the right time, learning won’t happen.
With this in mind, Robert recommended repeating key points when teaching children to increase the chances of mentioning the concept when each child’s teachable moment occurs.
This concept has evolved over time and has been adapted to the different learning stages people go through over their lives. Additionally, ways have been found to detect when a person is in a teachable moment, and there are even techniques to create those moments.
Creating Teachable Moments in an Awareness Program
If we apply these concepts to our awareness programs, we’ll see that a great time to show users which of their daily habits put their information at risk is precisely when they are engaging in those unsafe habits.
Let’s imagine we want to teach a user that it’s unsafe to click on email links without thinking. We could send them a newsletter regularly to remind them, or even provide training on dangerous links, which would certainly be beneficial for them.
But if we want to take it a step further, we can use the concept of Teachable Moments. What we could do is create the right learning moment through a Phishing simulation. The moment the user clicks on a dangerous link in our simulation would be our induced Teachable Moment, and thus, the perfect time to present the appropriate training material. This way (according to the theory of Teachable Moments), the training content will have a significantly higher retention rate and result in meaningful learning.
Conclusion
Drawing a parallel to the principle that security should be implemented in layers, I believe education should also be delivered to users in this way. So, to the question that started this post, I wouldn’t give just one answer, but I would take into account both the concept of Teachable Moments and other equally valid approaches to address and influence users’ habit changes from different angles, making the most of each method’s advantages.
Teachable Moments, in particular, are extremely useful because they have a big impact on users, and with the right tools, it’s possible to induce the most relevant learning moments (clicks on dangerous links, entering data into Phishing forms, downloading malicious files, etc.) and teach each user at the moment when they’re most receptive to understanding the lesson.
Leave a Reply