Tom Van ‘t Veld
A perspective on cybersecurity from a classroom/digital training expert
The other day I did a cleanup of my old work files. I started working at Xylos fifteen years ago as a Microsoft Office trainer and have collected some material over the years. One of the folders I came across was about information security at work. The folder dates back to 2015, already seven years ago. I lingered on it a bit, trying to remember what exactly had triggered us at Xylos to develop this expertise. It got me thinking about effective ways to make people aware about cybersecurity risks.
End-user security awareness, as part of IT operations
Xylos was already well-known for its high quality Microsoft Office training and digital coaching back then. Security had always been a logical baseline for all of our IT operations.
But I also recall being in line for a sandwich at lunch, and being in a conversation with one of my “tech colleagues”. He insisted quite fervently that trainers like me have an equally important responsibility for IT security. More precisely, in raising awareness about security risks and how to sidestep them. Now, he might have been very hungry, but I also believe he had the gift of foresight.
Because next thing I knew, I was in front of an audience, giving a training called: “Information security at work.” I should actually say that I was in the middle of an audience. The two-hour classroom session was based on interactivity. We would discuss realistic daily situations and I would point out the dangers and how to deal with them effectively.
Looking back at the presentation the other day, I was struck by how relevant the content of that document still is: the dangers of phishing, the importance of good passwords, risks of using peripheral hardware, and social engineering. These are still things to consider in daily work situations. Only the photo I used to introduce myself has long since become somewhat outdated ;).
Discussing real situations to make cybersecurity risks resoundingly relevant
During that session, I showed examples of suspicious e-mails, and participants could vote whether it was phishing or not. For the topics that were more difficult to visualize, I outlined a potential work situation and the participants had to decide what to do. I also showed a list of the forty most common passwords and asked the participants if they saw their password among them. The number of hands raised, was quite astonishing.
Bringing lessons from classroom training to every individual in the workplace
We are now seven years later, and the subject has only become more relevant. In the meantime, at Xylos, our diverse internal experts (IT operations experts, coaches, trainers, e-learning experts…) have truly found each other to build comprehensive solutions for customers, together.
Classroom trainings, like the one I described, are still taking place. For many audiences, in many organizations, interactive classroom sessions are still a super effective way to get through to people. But getting tens or hundreds of busy people in the same room, at the same time, is often quite difficult. That’s why Xylos’ Neo Learning team, specializes in immersive e-learning solutions.
Also, productivity demands in the modern workplace are anything but decreasing. Ideally, people learn to behave cyber-securely in the flow of work. That requires an innovative take on cybersecurity learning. Diverse subject-matter experts at Xylos got together and got to work to develop an array of solutions over the last few years.
Adopting cyber secure behavior with InviQta
InviQta is a full-blown digital learning campaign, ready-made for our customer’s IT departments. InviQta uses an engine that sends phishing e-mail simulations on a regular basis to keep employees sharp in the flow of work. It also involves communication tools that trigger people to visit the InviQta platform for super short, interactive e-learning. It’s a great tool to keep overall cybersecurity awareness at a constantly high level.
The hybrid way of learning and adopting cyber secure behavior
There are many other digital cybersecurity learning solutions by Xylos, either already available, or coming soon: from gamification in Microsoft Teams to AR/VR. I would be more than excited to write entire blog articles about them, too. But I started to write this article, while contemplating on how I approached cybersecurity training as a classroom trainer, and how I then got into digital learning solutions for things like cybersecurity awareness. So the right way to tie this together might be by leaving you with a key lesson I took away from both experiences.
An organization consists of diverse people. Different “personas” may be struggling with different things and require different learning approaches, depending on their work situation. As an organization, in the end, you want the same from them all: cyber secure behavior.
Probably, you’ll want the best of both worlds: trainers and/or coaches and digital learning solutions. The key is to start by clearly identifying what the blind spots are, coming up with a plan that serves everyone, and taking the time to build up your “human firewall” systematically. And guess what? That’s what me and my colleagues at Xylos get you to do with our newest digital adoption service: Security Camp.
I’m quite excited to hear the first reactions from our customers, who are setting it up. I will report back to you, if there are any new important lessons to share. So stay tuned.