-
Safety makes people receptive
Each of us needs to feel safe to do anything meaningful, including being open to change. If we want people to learn, own up to their mistakes, and use their experience to grow, we need to give them the psychological safety to do so.
-
Autonomy is attractive
Adults instinctively reject prescriptive training tactics. They also don’t respond to negative reinforcement. What gets them to build new skills – and use the ones they already have – is experiencing respect for their unique abilities.
-
Security supports progress
When folks see how their actions help keep the company safe, they're more likely to put more time and effort into it. And if cybersecurity training makes them feel like they're getting better, they get more excited about the progress they can make.
-
Interest invites involvement
People only engage with what they value. They need to understand how security training personally benefits them to act out of care, not obligation. To earn their involvement, companies need to steadily prove they’re reliable and act in good faith.
-
Positivity is powerful
Many people associate cybersecurity with fear and negativity because they feel pressured into tasks for which they feel unprepared. Employees respond much better to positive experiences, constructive feedback, and support for individual growth, which draw them towards security and help them make real strides.
-
Feedback closes the loop
Employees typically receive feedback only when they fail cybersecurity expectations. If companies give them timely feedback, it makes security training part of their routine, creating a learning cycle that improves their decisions.
-
Actions demonstrate dedication
People notice the things organizations do more than the things they say. This is why the security training message rarely sticks without regular practice. When companies give employees the tools and context to succeed, they also earn their enrollment.
-
Time together builds trust
Run of the mill security training burns through people’s time, attention, and trust. Companies can use anonymous results from daily practice to make in-person security training sessions worth people’s deliberate participation and energy.
-
Change draws on connection
Vanity metrics from average security training don't help in actual crises. What counts is good communication and that people trust each other. Genuine human connections, which security training can foster, is the real game-changer.
-
True growth needs daily practice
Learning from daily experience is much more powerful than once in a blue moon security training. It also takes less effort and involves less friction. Tiny learnings snowball into big progress over time, given prompt feedback, constant support, and recognition.
-
Variety develops resilience
Companies that recognize cybersecurity is always changing help their team build grit and agility. This nurtures strong relationships that help people take on challenges together, sparking growth through lateral thinking and creativity.
-
Everyone’s a defender
Organizations thrive when making the safe choice is the easy choice for everyone on the team. The right tools and guidance – at the right time – make cybersecurity part of everyone’s language, flow, and “can do” list.
