- Employee awareness
- 7 min read
Employees will always be critical in ensuring effective cyber security practices, and their behaviour and decision-making can significantly impact an organisation's security posture. Just as a fortress's strength relies on the competence of its guards, an organisation's security posture hinges on the behaviour of its people.
To address employee behaviour, we direct organisations towards social learning principles and psychological theories to enhance their cyber security training and awareness programs.
Simple, one-and-done compliance-based training is fine … but if it is not inspiring long-term changes in employees and your overall culture, are you positioning your training and awareness materials correctly?
Albert Bandura's Social Cognitive Theory (SCT) emphasises the role of observational learning, where individuals acquire knowledge and skills by observing others' behaviours and outcomes.
In our case, employees and beginners will be observing cyber advocates and security leaders in your organisation.
The Bandura Effect possesses the power to shape individual behaviours through observational learning and role models. Just like a master illusionist, it pulls the strings of behaviour, guiding individuals towards secure practices.
Through observational learning, individual behaviours can spread across a culture through a process called diffusion chaining. This occurs when an individual first learns a behaviour by observing another individual and that individual serves as a model through whom other individuals learn the behaviour, and so on.
You must also keep in mind that Bandura clearly distinguishes between learning and performance. Unless motivated, a person does not produce learned behaviour and it never transfers to their work performance. With motivation and external reinforcement, such as the promise of reward or work-related incentives, you will see learning transform into new behaviours.
Furthermore, according to Bandura's research, there are several factors that increase the likelihood that a behaviour will be imitated. For example, employees are more likely to imitate:
By leveraging The Bandura Effect, organisations can cultivate a culture of cyber security awareness and empower their employees to become active participants in safeguarding their digital environments.
At the centre of The Bandura Effect lies the concept of observational learning, which suggests that individuals learn from observing others and the consequences of their actions.
Observational learning is at the heart of the Bandura Effect. Think of it as following a recipe for cyber security success. Much like watching a skilled chef cook a dish when following a recipe, employees can observe cyber security experts in action and learn best practices. By observing their behaviours, decision-making processes, and the positive outcomes of their actions, individuals gain invaluable insight into how to protect sensitive information and how to stay one step ahead of cyber threats.
In the context of cyber security, this means that employees can acquire knowledge and skills by observing their peers, managers, or designated cyber security advocates who demonstrate secure behaviours and practices. These advocates serve as role models, inspiring others through their actions and setting the tone for a security-conscious culture within the organisation. Just as a lighthouse guides ships through treacherous waters, these role models illuminate the path to a secure digital environment.
Research from the Ponemon Institute revealed that organisations with strong role models and observable behaviours in cyber security have a 70% higher compliance rate with security policies.
By highlighting real-life examples of secure behaviours and their positive outcomes, organisations can tap into the inherent social nature of humans and create a ripple effect of behavioural change.
Humans are visual creatures. Just sitting them down in front of one piece of online learning a year is simply not enough. Back it up with visuals and activities that will stick with them and aid in fast and timely knowledge recall, especially at the most vulnerable points of operation.
Your organisation should utilise a range of strategies and mediums to reach employees at various stages of their awareness journey, different departments, and who learn alternatively to their peers.
What materials and channels can you use?
We hope that clears up what materials you can use and how you can use them to encourage active observation of desired security behaviours, increase employee knowledge retention levels, make sure safe security behaviours are imitated and how feedback paired with motivation is a vital decisive step.
However, to maximise the impact of social learning in cyber security training and awareness programs, organisations must also consider the learning environment they have put together; you need one that encourages knowledge sharing and skill development.
How can you create one that does just that?
Organisations that prioritise creating an environment that fosters continuous learning and knowledge sharing are more likely to see positive behavioural changes and a heightened cyber security posture. Employees need to feel empowered and supported in their journey towards becoming cyber security advocates themselves.
In the face of growing cyber threats, organisations must recognise the power of social learning and the role it can play in enhancing their cyber security training and awareness programs.
The Bandura Effect is a fantastic foundation; it provides valuable insights and by leveraging this theory, organisations can plan and cultivate a culture of cyber security awareness and responsibility.
Through strategies such as blogs, posters, e-learning, games, webinars, and team activities, organisations can effectively incorporate social learning principles into their training initiatives.
By harnessing the power of social learning and embracing Bandura's Social Cognitive Theory, organisations can empower their employees to become active participants in the collective defence against cyber threats, mitigating risks and protecting valuable assets.
For more information about how TSC can support you to enable behaviour change in your organisation contact us here.
If you would like more information about how The Security Company can help you to increase employee awareness or how we deliver long term security culture change ... please contact our Head of Business Development and Sales, Jenny Mandley.
The Security Company's vast library of customised and non-customised products and services are tailored for small, medium and large organisations and are available in a variety of languages. We also offer bespoke solutions for organisations that desire training and awareness materials built from the ground up.
© The Security Company (International) Limited 2023
Office One, 1 Coldbath Square, London, EC1R 5HL, UK
Company registration No: 3703393
VAT No: 385 8337 51