05/10/2017

Knowing Versus Doing

Use stories to build a culture of IT awareness

If you were to recall past experiences in your life, one in which you were watching a movie, and another in which you were sitting through a lecture, which slice do you think you would be more likely to remember? Most people would say a movie.

Storytelling is one of the strongest ways to get a message across, especially if it's a good story. If it teaches a lesson, the reader may feel compelled to turn that knowledge they gained from the story and put it into action. Because of this, I am a big proponent of telling frequent stories when it comes to building an effective security awareness solution. In the case of my company, we saw an interesting phenomenon happen whereby we aired a story about a rogue USB device, and afterward saw a 3x increase in suspicious emails reported to a client's IT department than in the previous month. There was no correlation between the USB drive and the phishing email, but it became clear that IT security was on users' minds.

A lot of people know what to do, they just don’t always do it. If you ask a college student if they were to receive a Facebook message addressed to them from what looks like to be someone they aren’t friends with, and it contains a link to somewhere they aren’t familiar with, will they click on the link? The majority would tell you "no." What they “know,” however, doesn’t equate to what they “do” as a recent study tells us that about 42 percent of them clicked the link.

Please click here to read the complete article from Forbes.