We often see television ad campaigns to deter people from drink driving or smoking. Some of them are really powerful and designed to shock, and sometimes scare us.

The effective ones don’t tell us that drink driving is wrong – we know that – they have to do much more.

If we look at these as learning interventions, then for me, what they often do is to try and change people’s attitudes by making them more aware of the possible consequences of their actions – in a lot Information Security training, the message is ‘Think Before you Click’. That’s not knowledge (well only a little bit), it’s not a skill, but it has a lot to do with our attitude.

Changing attitudes is difficult. Someone once said, it’s easier to put a man on the moon than change the attitude of a nation.

People often focus on changing behaviour through training, but in our view it’s the attitude that which the influences behaviour, and is where the change is needed.

The question then becomes, how do you change a person’s attitude?

When we started work on our Information Security training video we looked at the learning in terms of knowledge, skills, attitude and awareness.

I won’t go into knowledge, skills, attitude and awareness in detail here as we wrote this blog about them.  They are really useful when writing objectives.

This is broadly what we found:

  • a lot of information security is about doing things that we already know we should do – but don’t do (attitude)
  • we’re often complacent about the information we handle (awareness/attitude)
  • some of the actions are quite work specific (knowledge).

These fit nicely with what we’re doing with our What You Need To Know explainer videos.

The animated video above shows some of the areas of information security, but uses these to show what could happen if your ‘security’ failed and your information got out. It doesn’t shock, but hopefully makes you think.

So like the drink driving campaign, trying to raise awareness of what could happen, to change a person’s attitude towards it, which leads to a change in behaviour.

General and specific

There are some procedures which are job specific and these fit in with our idea of using an animated video plus, for example, a PDF.

So, procedures and practices which are specific to your organisation could be put in a simple PDF. Perhaps your password requirements e.g. a mixture of capitals, lower case letters, numbers and so on. Maybe staff are forced to change their passwords every month. All this would be easy to convey in a short PDF.

But how to generate strong, memorable passwords could be explained via a training video.

Free resources

There are also some great resources which would be expensive to recreate in a piece of elearning – especially when they are already freely available.

I like this one. You enter a password and it tells you how long it would take a desktop PC to crack it. There are others, but I found myself playing with it and making up passwords and testing out the ones I use – it’s worth a try.

So in brief, for us our Information Security video is mostly about attitude.

We do cover some information security points that will apply to most, if not all, but we try and show that the attitude of being more cautious is as applicable, and important, to our personal lives as it is when we’re at work.

And lastly, we hope it’s easy to watch. You can get the Youtube embed code and direct link for our Information Security video here.