You’ve put your heart and soul into crafting a diverse cybersecurity awareness training program. But now that you’ve rolled it out, things aren’t going the way you hoped.
Employees seem unengaged... and there’s a general undertone that the training is a waste of time.
Oftentimes without realizing it, Security Awareness Program Owners (SAPOs) like yourself are victims to or push a “negative” culture around security. We threaten and shame teams to complete the training instead of empowering them as our security’s greatest assets.
Instead of nagging employees to learn, we’re here to flip the narrative and reward them for what they’ve completed— even if it's just the shortest education module— to create a powerful shift in how they perceive the training.
Best of all, it doesn’t have to take a lot of effort. But the impact of these small encouragements— well, that could be huge.
Here are five ways to reward your team during cybersecurity awareness training:
1. Shift from a “shame” to a “praise” mindset.
This is the real doozy! Your first radical step to building excitement around your security training initiative.
In order to spark interest in your program, your employees need to feel safe to learn. After all, who wants to do something if they’re yelled at every time they do it? Just like your husband is less likely to empty the dishwasher if you complain about how he put things away wrong every time, your employees will be less likely to invest in improving your security if you tell them time and time again they’re the reason it’s weak.
Instead of shaming your team for all the ways that bad actors could trick them, take on a more uplifting mindset. The tone you set for your training could be one of, “you have to do this because you’re stupid!” OR, it could be, “you’re a vital part of our security and we thank you for doing your part!” Which would you feel more motivated by?
2. Give verbal recognition one-on-one or in a team setting.
One of the best ways to praise your employees is to verbalize how well individuals are doing with your program.
There are plenty of worthy achievements for words of affirmation:
- Who was the first to complete a certain training module?
- Who got the highest quiz score?
- Who reported a suspicious phishing email?
- Who attended an educational webinar or lunch and learn?
- Who asked your service desk before downloading new software?
When it comes time to recognize a team member, in-person or video calls are always best to convey smiles and important body language cues. Unfortunately, we know it’s not always possible or realistic for SAPOs or individual team leads to chat with every employee this way. Sometimes an email or quick live chat message over Slack, Google Workspace, etc. can do the trick.
Even saying, “Hey, Kim. Proud of you for being the first to complete the MFA module!” or “Trevor, you were the only one to call out that phishing email! Way to go!” can go a long way. Encourage managers to follow up with helpful questions, such as, “What was the most important thing you learned about MFA?” or “What made you second-guess that email?” to pass along feedback.
Be mindful that some employees may be shy about group recognition. For them, it may be best to share your encouragement privately instead of posting on— say, a team channel. Encourage managers to speak to their employees in their preferred method and to understand the power of quick, yet impactful communication.
3. Incentivize with a small physical prize.
Remember that employees are helping to improve your security while juggling their probably already heavy workload. Employees may feel like they’re doing a lot of extra work for no payoff or return.
While some honest “thank yous” are nice, words of affirmation don’t impact everyone the same. Others may value tangible rewards for their hard work and contribution to your security program. For those that respond better to “gifts” than words of encouragement, think up a few tiny yet meaningful prizes you could give away for their achievements.
For instance, a manager may have the budget to give each employee who completes a certain security lesson a $5 coffee gift card. You may think, “Five bucks? Big deal,” but it’s more about the gesture than the money. If an entire department completes the training by a certain date, promise them a catered team lunch. If you’re able, you could up the ante by offering out PTO days or big points in your Employee Rewards Platform. Collaborate with your various departments to determine what their employees would best respond to as prizes.
4. Integrate encouraging messaging continually throughout your program.
While the previous two examples gave examples of ways to reward employees for cybersecurity training after an accomplishment, encouragement doesn’t always have to come as the result of the action. You can send your team encouraging messages to motivate them to complete training as well!
Think up a few on-brand reminder messages to equip managers with. For example, you could send team leads a list of 15 follow-up messages with specific dates to send them. These pre-written reminders are easy for leads to copy and paste and post in team channels. One might say, “Looks like 16 out of 30 of us completed the Malware module. Go team!! We’re only 14 away from the DELICIOUS PIZZA PARTY! Can you smell the cheese?” while another, “Don’t forget that quizzes must be complete by Friday. Does anyone think they can beat Matilda’s 95% score? $15 Starbucks gift card to the smarty pants who can!”
Encouraging messages don’t have to be just reminders to complete training either. They could be educational bits with “Did you know?” content to stick with the theme of that month’s training. While things like this seem like a lot for SAPOs or managers to create themselves, some security partners like our team at Living Security can help to create these assets for you!
5. Use a security awareness training software that integrates rewards automatically.
While you don’t want to take away the “personalization” of praising or rewarding an employee taking security training, there are a few ways to automate the process. Some tools or training platforms make it easy to set up triggers and workflows once a certain action is performed.
For instance, you may be able to have an email go out after a training module is completed that uses personalization tokens, using the employee’s name in the subject line and recommending other useful content. Or, programs like ours at Living Security empower users with “badges” for reaching certain milestones in security training, giving them virtual rewards like the “Early Bird” badge for completing their lesson early.
The Resources Every SAPO Needs!
While all these ideas for rewarding employees doing cybersecurity training seem great in theory, we don’t always have the time to personalize messages or iron out all these ideas.
Luckily, our Campaign in a Box does the hard work for you. Receive instant chat and email messages, shareable unique content like blogs and more to empower managers with the rewards they need to motivate their employees.
Reach out for more information, today!