Part 1: How to Use Fun and Games to Make Your Security Awareness Program a Success

Part 1: How to Use Fun and Games to Make Your Security Awareness Program a Success

5 Tips for Adding Humor to Your Awareness Training

Security awareness training is a critical part of keeping your organization protected. Unfortunately, most internal training programs are boring (admit it, they are). Employees quickly tune out dull PowerPoint presentations and mind-numbing lectures. The hard truth is that passively listening to presentations and reading PowerPoint slides produces the lowest retention rates, which means most of your employees will complete your training and then go back to some of (or all) the same risky behaviors as before. 

So how do you grab employees’ attentions and get them to change their behaviors? The answer is to make it fun!

What do you get when you cross an optimist and a phishing email?


Research Shows that Laughter Leads to Learning

Leadership may fear that adding fun will diminish the importance of cybersecurity awareness, but science proves otherwise. Research shows that when it comes to getting someone’s attention using fun and humor can be very effective at breaking our train of thought and remembering what we heard.

In part one of this two-part blog article, we offer five tips for infusing humor into your training.

  1. Use humor to reinforce the message. Humor can be an effective way to highlight the things you most want your audience to remember, making sure you clearly explain those things in other ways. Practices such as good password hygiene, clean desk policy, or physical security measures can be emphasized using exaggerated, outrageous, and ridiculous examples in the form of cartoons, video reenactments, or skits for employees to perform.
  2. Infuse humor to test retention. Neuroscience research reveals that humor systematically activates dopamine production in the brain, which is important for long-term memory. One way to do this is to add a “punchy” answer option to group Q&A, such as, “How many of you are still mourning the end of Game of Thrones?” You can also engage employees in a Jeopardy! or Weakest Link game show format to test their understanding of material covered.
  3. Verify your humor translates and isn’t offensive. Much of humor is a cultural construct, which means it is not universal. Therefore, it’s vitally important all humorous elements are relevant and align to your corporate culture. Testing your messages beforehand with target groups and liaisons who are familiar and comfortable with local culture and language can help. Remember the purpose of humor is to make people more comfortable and open to your message. Sending out something that is offensive or falls flat in translation will have the opposite effect.
  4. Keep your humor constructive. Humor should reinforce your message and help your audience remember your key points. Using humor that is mean-spirited or degrading is not appropriate for your security awareness program. Inappropriate jokes tend to make people uncomfortable and defensive, and apt to tune out. Laughter relaxes most people and reduces their anxiety, which improves learning and retention.
  5. Keep your own sense of humor. Nothing is 100% effective the first time you try it, especially if this is a new concept for your organization. Sometimes humor flops, but don’t let that discourage you. Be willing to accept your mistakes, learn from them, and try again.

Humor is an easy, fast, and inexpensive way to turn your boring security awareness training program into something memorable, and dare we say, fun. Check out part two of our series on how to amplify the fun and impact of your training with games.

Download our primer on How to Sell Leadership on a More Engaging Security Awareness Program.

Get the Guide


Part 2: How to Use Fun and Games to Make Your Security Awareness Program a Success
Managing Cybersecurity Training and Awareness with a Remote Workforce