Modern field guide to security and privacy
Mike Nobers, director of partner channel and alliances at Wombat Security Technologies, speaks at Passcode's trade show booth at South by Southwest in Austin, Texas on Sunday, March 12, 2017.
Matt Orlando/The Christian Science Monitor | Caption

How to teach people to be more digitally secure right when they need it most

By giving employees cybersecurity training right when they’ve done a risky behavior, Wombat Security can help make real changes in user behavior.

When Mike Nobers' young son started using curse words, Nobers didn’t scold him.

“The old method [of telling] my son not to swear was telling him, 'no', that’s not the right thing to do,” said Mr. Nobers, director of partner and channel alliances at Wombat Security during a talk at South by Southwest in Austin, Tex., "But, not really teaching him, 'why'.”

Nobers’ lesson for companies trying to improve their cybersecurity: just like guiding a child to better decisions, companies, too, need to evolve their cybersecurity awareness campaigns for employees from scolding them to teaching them how and why to do better.

The answer, said Nobers, isn’t just better technology, but better education.

In the past, companies marched employees through hour-long, in-house sessions that let human resources and management check the proverbial box of security education.

Starting in the mid-2000s, Nobers said, companies like Wombat began providing clients with interactive modules — gamified sessions that feature engaging characters that guard against the dangers of, say, phishing.

The entire process helps companies assess what employees know and then engage them, teaching why it's important to stop or modify certain behaviors.

In the future, Nobers explains, automated systems will flag the riskiest or harmful behavior and interrupt bad habits with “just in time” training sessions.

That means that if employees are browsing social media and click a link bearing dangerous materia or if they visit a website that’s possibly dangerous, they’ll get an immediate email update instructing them how to improve in the future.

Today, Wombat has a partnership with endpoint protection company Carbon Black to use Carbon Black’s security monitoring to help identify the precise moment when employees can be reached with training.

With all of this in mind, Nobers found it productive to correct his son in the same way Wombat helps the wayward employees of client companies.

“Being that we do this for a living, I thought: ‘I need to assess my son, and learn where he learned these swear words,” he said. “What I found out, in talking to him, was that he heard me say some swear words, he heard it in other places.”

In the same manner as in a Wombat training, Nobers can now teach his son there are better ways to express himself.