7. Multimodal awareness materialsThe most successful programs are not only creative; they rely on many forms of awareness materials. While there is a potential place for learning management system training modules, too many programs rely on them completely as an awareness program. Successful programs incorporate a variety of awareness tools. This includes newsletters, posters, games, newsfeeds, blogs, phishing simulation, etc. The most participative efforts appear to have the most success.
Another issue to consider is that materials should attempt to connect with different generations. For example, some videos seem to connect best to young males. You then need to use other videos or materials that connect with older employees and females. There is definitely no such thing as "One Size" security awareness.
There were many more habits that led to either success or failure of security awareness programs, but these are a starting point as to where you should begin. The big takeaway is that habits drive security culture, and there are no technologies that will ever make up for poor security culture. Awareness programs, when properly executed, provide knowledge that instills behavior. Security should definitely be common sense, but you cannot have common sense without providing common knowledge.
Anyone interested in downloading the full research report can do so at ISAG.com.
Sign up for CIO Asia eNewsletters.