February 24, 2021

How to train my users?

The same expert opinion follows

With the steady stream of warnings about new cyber threats, phishing attacks and scams in newspapers and security blogs, there usually comes some wise expert opinion: a set of advice for businesses and organizations on how to protect themselves.

No concrete methods

In nine out of ten cases, they emphasize the importance of educating your users about IT security, but rarely do they offer any concrete suggestions on how to do so. We at Nimblr have long pondered the question of how to raise the security awareness of ordinary computer users.

Constant warnings

Newspapers and trade magazines are constantly warning us about new attacks, fake emails and other e-fraud. Few colleagues in the IT industry are particularly surprised to hear how companies have been hit by costly IT scams or time-consuming viruses. Many of us could repeat the experts' advice and suggestions in our sleep: updated software, working antivirus and most importantly, educating your users.

There was no solution for training users

As early as five years ago, my colleagues and I started thinking about the constant admonitions of experts about the importance of educating your users. The company I worked for at the time developed and delivered technical security solutions such as antivirus, spam and web filters, and we were able to offer our customers solutions that helped them with software updates and antivirus. But for the most important advice, that of educating your users, we had no solutions.

Can feel like a mission impossible

Educating your users about IT security may sound like "mission impossible". How will ordinary computer users find the time and motivation to familiarize themselves with such an uninteresting topic as IT security? Even if, against all odds, we manage to gather all our users for a day's training, there is a high risk that the knowledge will quickly become outdated or forgotten. Moreover, it would be very costly to set aside a full day for all employees.

The idea grew

At Nimblr, our idea of educating users started to grow. Together with behavioral scientists, e-learning experts and a psychologist, we designed an online-based concept focused on changing user behavior and strengthening security awareness.

Borrowed the hackers' own model

Through short interactive micro-trainings, exercises and simulations, we were able to reach all users. We borrowed the hackers' own model, which they use to motivate users to click on malicious links, and created harmless simulations that lead users to micro-trainings at the very moment they make a potentially harmful choice.

A result that spoke for itself

The results spoke for themselves. For our early test customers, after just a few months of using Nimblr Security Awareness, we saw a significant reduction in the number of clicks on our simulated attacks. By automatically using information our customers have registered with us, over time we make the simulations more sophisticated and harder to see through - just like hackers do in real attacks. Users gradually build up awareness and caution and are motivated by their own mistakes. We finally had an answer to the question: how do you train your users? You don't - users train themselves!

Nimblr Security Awareness is an online training platform designed to increase end-user security awareness and minimize the risk of full-blown attacks. The training program is based on a holistic learning model and is continuously updated with intelligent technology, smart illustrations, IT security expertise and modern pedagogy.

Making the internet safer