4 Tips to Train Non-Technical Employees on Cybersecurity Awareness

By January 7, 2019 No Comments
Cybersecurity TTA Blog

Who would have thought that a North America casino who used sensors in their fish tanks to regulate the temperature, food, and cleanliness would be featured on the headlines news because hackers stole 10 GB of company data through its internet-connected fish tank[i]. Hackers are constantly looking for new ways to steal business data.

Employees face cybersecurity risks every minute of the day. Contrary to popular belief, not all breaches are from a malicious hacker. Often, security breaches occur at the hands of innocent employees who make mistakes that can be easily avoided. Simple everyday activities that employees do can be dangerous in the world of cybersecurity.

From the front office staff to the CEO, every employee needs the proper training to combat threats from outside and inside the organization. For agencies and government contractors, the Department of Defense Directive 8570, requires anyone who works on a project related to the DoD must be properly trained in cybersecurity.

So, employees with non-technical backgrounds and skillsets, are participating in training programs alongside a more technical experienced staff. What is the most effective way to train this diverse audience that have varying levels of technical expertise? I turned to an expert to find out.

An Interview with a TTA Technical Training and Cybersecurity Guru

I recently had the opportunity to talk with Shadow Farrell who is one of TTA’s technical and cybersecurity training experts. He has trained thousands of learners on advanced technical applications globally, including Microsoft technology and CompTIA exam objectives. He holds over 30 certifications, including advanced certifications in Microsoft OS since Windows NT 4.0 through Server 2012, as well as Novell Certified Network Administrator, CISSP, Certified Ethical Hacker, CompTIA Certified A+, Network+, Server+, Security+, Project+ Technician, Microsoft Office Specialist Master Instructor, and CIW Professional. Based on his extensive technical training background, he shared his unique perspective on working with an audience of learners with diverse backgrounds and varying levels of technical experience.

“People at all levels contribute to the risk and protection of an organization’s cybersecurity practice,” said Shadow. “The fact that they work there makes them a risk, that’s why training is critical for everyone in the organization.”

Over the last five years, the number of non-technical learners in technical and security training classes, like Cybersecurity, has grown considerably. Shadow often teaches classes with more than 80% of learners being non-technical. So, what is the best way to communicate highly technical concepts to non-technical people?

Here are four best practices he recommends when training a diverse audience of learners.

Tip 1: Never assume anything

Regardless of the ratio of technical versus non-technical learners in the group, a trainer cannot make assumptions. Just because someone is a Network Engineer does not necessarily mean they have more knowledge and training than someone else. Maybe they were self-taught? As a trainer, you do not know what information is stored in each of the learner’s brain, so you need to find out. Level set, ask questions, and assess the entire audience. Do not make assumptions based on age, title, or background or you will miss the opportunity to customize the training to the audience.

Tip 2: Avoid using a technical word to define another technical word

How do you talk “techy” to an audience who may not be technical? The same rule applies to defining technical terms. Learners will not be able to understand, retain, or relate to technical definitions that are defined by other technical terms. Keep it simple and describe terms through examples. For instance, Shadow often talks about the Little Orphan Annie decoder pin from the classic holiday film, A Christmas Story, and uses analogies like this to relate to the non-technical audience.

Tip 3: Activate the mind

Design and deliver the training class as interactive as possible. One of the best ways to do this is through storytelling. This stimulates another part of the brain and makes learners remember what they learned. Sharing stories that relate to the content is one of the best ways to create a lasting learning experience. This is especially true for learners without technical expertise. It is important to start from something universal and build upon it.

“The brain works like Legos,” said Shadow. “People store information and build upon it, so tell practical stories to find something they can identify with from the field or life. You’ll be surprised how they can relate and remember the information.”

In fact, Shadow told me a funny story about this grandmother and a Trojan virus that I’ll never forget! I learned some interesting facts about cybersecurity during this interview (it really works).

Tip 4: Teach them what and how

Many companies offer training boot camps and programs where the end goal for learners is to pass an exam. So, it is important to teach the learners what they need to know for course content, as well as prepare them to successfully pass the technical exam. For instance, Shadow uncovers what they do not know by reviewing multiple choice questions while teaching them how to eliminate the wrong answers first. This technique teaches them how to approach different questions and eliminate incorrect answers, while reviewing important vocabulary. This becomes a best practice that can be applied to taking the technical exam.

Our world makes it easier than ever to share information across social platforms, devices, and systems. With that freedom comes an increase in daily security risks and threats. Data security is now everyone’s problem, and all employees play a role in preventing cybersecurity threats.

By providing cybersecurity training to all employees and applying best practices when training an audience with varying levels of technical expertise, organizations can prepare employees on cyber-attack awareness and mitigate the harmful risks associated with these threats.

Our Learning and Development experts, like Shadow, can help train your employees and offer guidance on best practices. Visit our Cybersecurity Training page to learn more about how to get started in cybersecurity training.

[i] https://www.washingtonpost.com/news/innovations/wp/2017/07/21/how-a-fish-tank-helped-hack-a-casino/?noredirect=on&utm_term=.9c6bf67574ed