For Trainers
General Information
The content on our site is primarily designed for end users. However, these resources may also be useful for trainers.
Recommendations for Trainers
Essential reading material:
Focus on the question "Why?" and not "How?"
During trainings, be sure to explain to participants why you are giving them a recommendation to change a specific setting, device, behavior, or to use specific software. Explain what threats the status quo poses and what benefits the proposed changes will bring.
Think about user comfort
Imagine that someone forced you to copy every password stored in your Password Manager onto paper and then type each one in by hand from that paper, without any auto-fill.
Trainers giving security recommendations often forget that, for users, a suggestion such as using a Password Manager is approximately a recommendation of this caliber. Disabling biometrics might be equivalent to a death sentence for them.
Remember that cybersecurity is a long-term process. If a person doesn't understand the threats that come with using a less secure but more comfortable method, and you don't consider their needs at all, then in the best case they will stop listening to you specifically, and in the worst case they will decide that cybersecurity in general is "boring."
Let's take the same biometrics example. Think about the threat model, play out the scenario in your head and ask yourself: what threat could arise if the user has Biometric Authentication enabled?
Will they be forced to show their face? First of all, Biometric Authentication often has a timeout, after which the device requires a password anyway. Additionally, an attacker will usually need several attempts before the device actually captures the face, and the victim can use simple tricks (e.g., turning their face away) to exhaust the limited number of attempts. In this case, it would be better to advise the person to set a strong password and use biometrics.
Try to find the balance between comfort and security for the person, rather than making them hate cybersecurity. Consider any concerns and give them the opportunity to come to you with questions about improving security, and not with complaints.
Caution with jokes
Digital security is a sensitive topic. Often, people make critical mistakes only because they didn't know something, not because they didn't care. They might not have known what threat a simple password, an unencrypted device, or anything else could pose. At this point, participants with more knowledge often resort to joking: "come on, how did you not know this?"
That's your cue.
Such jokes only create or reinforce stigma, and participants may then very easily hide critically important information about a problem that would have been easy to fix.
Any such incident is your chance to provide participants with detailed and thorough knowledge.
Content Usage Terms
Please review the content usage terms.