Not Enough Time – 5 Reasons Why Security Awareness Training Programs Fail – Part 4

I’ve seen a number of security awareness training programs run into problems when the designers of the program didn’t take into account the limited time that students have. Here are some things to think about when planning your program.

 

1. Your CFO Might Disagree
2. Classes Clash With Other Duties
3. Training Managers and Executives
4. Web-based Training Without Bookmarks

---

1. Your CFO Might Disagree

You and I might think that information security is a fascinating subject and be prepared to read about it for hours, but I can almost guarantee that your CFO will hit the roof if you take all 10,000 of your staff away from their jobs for a full day of security awareness training.

Before presenting your proposal to senior management, take a moment to figure out the financial impact. For example:

10,000 staff x 1 hour x $25 per hour = $250,000 of lost time!!Keeping the required time to a minimum is also a strong reason for using web-based rather than classroom training. As I noted in my previous posts on outlining web-based and classroom training, using web-based training can save you a lot of student time by eliminating classroom “tasks” such as seating students, handing out and collecting feedback sheets … For more details, see:

• 6 Easy Steps to Outline Your Web-Based Security Awareness Course
• 4 Easy Steps to Outline Your Security Awareness Class

---

2. Classes Clash With Other Duties

Time can be just as much a problem in a smaller organization – especially if you’ve decided to carry out the training in the classroom. Quite often, it’s difficult to take critical staff away from their posts for the full duration of a classroom session.

This is another reason for considering web-based training since it can be taken on-demand, and fitted around other duties.

---

3. Training Managers and Executives

Managers and executives are one of the worst groups for ignoring training, and this is particularly troublesome because they’re quite often the targets for social engineers and phishers.

Keeping training short and highly focused on issues related to the business helps but, right now, this is a problem that I don’t have a good solution for.

---

4. Web-based Training Without Bookmarks

I haven’t seen this one for a while, but it’s still worth mentioning. As noted in #2 above, one of the great benefits of web-based training is that you can stop and start a course, and fit it in around your other duties. But this depends on the course supporting ‘bookmarks’.

Develop a web-based training program without bookmarking, and you’re throwing away one of its main benefits.

---

Next time, the last post in this series … programs that don’t fit with other training initiatives in the organization.

---

Previous Posts in this Series

• Too Expensive – 5 Reasons Why Security Awareness Training Programs Fail – Part 3
• Poor Delivery – 5 Reasons Why Security Awareness Training Programs Fail – Part 2
• The Wrong Content – 5 Reasons Why Security Awareness Training Programs Fail – Part 1
• 5 Reasons Why Security Awareness Training Programs Fail