Ever wonder why your team just isn’t having your security awareness program? You purchased this expensive, video-based training module and explicitly spelled out what they need to do, yet... they still don’t seem engaged!
While resource libraries and video training can be extremely effective learning tools, they’re not the only way to educate employees and managers about cyber threats.
Sometimes your team needs something a little more... real—an interactive lesson in security. While you can’t ask a hacker to kindly breach your systems and walk your team through a step-by-step recount of their attack, you can give your team a different kind of hands-on approach to understanding cybersecurity.
It’s called experiential learning, and for adult learners, it’s making a remarkable difference.
What is Experiential Learning?
Everyone has their own preferred learning style, but conventional cyber security awareness training programs only focus on two types: visual and auditory. Participants read educational resources or watch videos to understand the threat landscape, but one important learning style is neglected— tactile, hands-on learning.
The approach of “learning by doing” (vs. watching or listening exclusively) is a process called experiential learning, since it’s all about being involved in an experience.
In school, these hands-on learning experiences could have involved science labs, internships, studying abroad, performances, etc. It’s anything where the participant is interacting directly with their work— experimenting, solving problems, getting creative and critically thinking about and analyzing their decisions.
But how does experiential learning translate into cybersecurity?
Examples of Experiential Learning in Cybersecurity Awareness Training
Experiential learning is all about creating interactive experiences—and here are three ways SAPOs are integrating a “learning by doing” approach to security training:
You probably know of at least one company that’s sent individual departments on a day-retreat to an escape room. They ”trap” the team in a locked space and ask them to solve a puzzle or mystery together before a timer runs out, all aimed at facilitating teamwork and collaboration.
This same approach has been repurposed for cybersecurity training, wherein teams solve interactive puzzles to escape, all while learning about security.
In recent years with the COVID-19 pandemic and the expansion of geographically-divided remote teams, the in-person escape room has been converted back into a digital experience.
But while cyber escape rooms still happen behind a screen, they involve live-action storytelling and a great deal of interactivity. Everyone is still expected to participate and collaborate to problem-solve, with the correct answers to little quizzes unlocking virtual doors to get one step closer to freedom. Learn more about our virtual escape rooms here and why enterprises are thrilled to use them.
Security Awareness Interactive Games
Escape rooms are just one of a long list of interactive security awareness games your company can try to make training feel like a true interactive experience.
From “Game of Threats,” a helpful activity a lot like escape rooms that simulates cyber attacks and forces participants to make important decisions under a timer, to “Security Feud,” a spin on the Family Feud TV game show, there are dozens of in-person and online games to help your team learn, hands-on.
Here are 10 of the best cybersecurity games we recommend for fostering better engagement in your initiative.
Virtual Reality Technology
Take “seeing” to the next level with a virtual reality cybersecurity exercise. With the use of augmented (AR) or virtual reality (VR), participants can interact with things directly in their environment. Either by seeing virtual objects superimposed in the room (AR) or by moving through a completely invented word (VR), this training is more immersive and realistic than most desk-confined exercises could ever be.
Some technologies are using AR glasses or VR headsets to simulate phishing and other cyber threats in a near real life experience, allowing participants to perform tasks and directly practice best practices for improving security.
Why Experiential Learning is the Better Approach to Security Awareness Training
There’s no doubt that many learn better by doing versus seeing or hearing alone. Here are some big reasons experiential learning is a gamer changer for many cybersecurity programs:
It boosts learning.
This hands-on learning involves critical thinking, problem-solving and decision-making beyond traditional security training programs with videos and tests alone. Real life experiences facilitate better understanding and retention, since it’s often easier to remember what you yourself did versus what you watched someone else do.
It’s more engaging.
Instead of dozing off behind a computer screen, those involved in experiential learning are forced to be more than a viewer— they must participate. This keeps them alert and accountable, ensuring they’re involved in the education and not just going through the motions of passing an online assessment. Experiential learning experiences follow a plot and a real story and asks them to be a part of it, peaking their interest.
It’s actually FUN.
Many experiential learning exercises are in-and-of-themselves games. They’re meant to foster healthy competition and collaboration and even leverage rewards to help participants feel like they’re playing. Sure, they’re learning while gaming— but they’re playing nonetheless!
Mind if We Help with the Heavy Lifting?
We know that creating an engaging security awareness training program takes a lot of time, creativity and resources.
Let us take some of the weight off your shoulders so you can focus more on the program itself and less on the technicalities.
Our Campaign in a Box package contains neatly bundled resources for rolling out your security program. Think monthly-themed emails, messages and content for Security Awareness Program Owners like you! Easily nurture your training program with a little help from Living Security.