Love your information security training? Our people do. Here’s why and why it’s worth it.

There was a time when human behavior wasn’t even on the radar as a part of enterprise information security. Today, everyone knows it’s essential.

Our Information Security organization recognizes that while our people are our greatest asset, they can also be our greatest vulnerability. Creating a culture of information security is critical to keeping Accenture and client data safe.

Fostering that culture of security has been the charge of our Information Security Behavior Change and Awareness team for more than 10 years, led by Steve Zutovsky and Urszula Fabiszak. (Learn more about Urszula’s career in information security in this episode of the Accenture InfoSec Beat Podcast.) I am proud to say they and the team have created an innovative and effective behavior change program that focuses on incident prevention and the establishment of a culture of working smart to stay safe.

Today, the program is winning awards and gaining the attention of other organizations. Team members are getting invited to speak at conferences—in fact, you may have heard them present at CyberCon and other industry events. But, most of all, our people love the program!

Not your traditional training

At the core of our training is the Information Security Advocate Program. It has greatly raised the level of knowledge about cyber security and secure behavior through a series of engaging learning and awareness programs.

The team uses a variety of approaches to create custom, immersive learning, including the latest methods in gamification, interactive use cases, videos, online quizzes, in-person events, and virtual reality, so that nothing feels like traditional training. This is the kind of training people love to take. In fact, close to 80% of Accenture people voluntarily participate in advanced levels of our Advocate program. For an example, check out one of our latest learning assets, Hacker Games, that Urszula posted on LinkedIn.

The program reflects the latest trends and thinking in learning and assets designed to immerse individuals in situations depicting real-life environments. Key to creating the assets are the:?

·????? “Consumer” experience – gaming and interactive components, infotainment

·????? Length of the learning asset – short bursts of videos

·????? Presentation and style – engaging a broad swath of our people

·????? “Anytime, anywhere” approach – adaptable to any device

The team builds custom programs to make training manageable, personal, and fun. To promote continuous learning, programs are released quarterly. Our people have their own personalized learning paths with custom courses that are designed based on their roles within the organization and their unique risk profiles. As they make their way through the learning journey, individuals are rewarded for their adoption of information security best practices, receiving Information Security Advocate status “badges.”

?

Made to measure

We rely on consistent and diverse measurement strategies to confirm Accenture people are adopting the desired behaviors. Since the program trains comprehensively, the team also measures in a comprehensive way. This is why they measure both relative performance improvement as well as continued engagement.

We see that Information Security Advocates have significantly better scores in internal assessments on their knowledge of social engineering, disposing of sensitive information, and reporting incidents. They also consistently outperform non-Information Security Advocates in complying with phishing tests.

?

Effective—and evolving

Our Information Security Advocate interactive learning programs, designed to educate people in every part of our organization from day one, are focused on strengthening foundational knowledge and responses to emerging threats. Agile and flexible, with a mix of global and grass-roots initiatives, and leveraging local Information Security leaders and “champions,” the behavior change program has garnered industry recognition for its innovative approach and impressive results.

We’re happy about that, but we can’t rest on our laurels. Any effective learning program is one that assesses and refines its approaches to stay relevant to the current environment, and our Behavior Change team continues to do that.

In an upcoming article, I’ll share how we’re pushing the boundaries on innovative learning approaches to evolve our program. As always, let’s share what we know to secure what we must.