Notorious ex-hacker jolts learners into changing behavior in this scary, highly effective security training course.
You click on a PDF your CEO emails to you even though you’ve never received an email from her before. But what the heck, your computer’s virus protection is up to date and you’re curious. No harm done, right?
Wrong. You could be opening the door to a hacker wreaking havoc at your company—including stealing cold hard cash. And, because you’ve opened the door, your company’s insurance may not cover the damages. Scared yet?
Prometheus Training hopes so. The company paired up with KnowBe4 and notorious ex-hacker turned security consultant Kevin Mitnick to create the “Kevin Mitnick Security Awareness Training” course to scare you silly.
Helene Geiger, president of Prometheus Training, explains, “Before you change people’s behavior, you have to change their understanding. Our goal in this course was to create a waterfall of fear. Once you understand that you’ve been inviting hackers in just by making the wrong click on your computer, it changes your world. You ‘get religion’ real quick.”
To build the course, the team at Prometheus turned to its longtime favorite: the Articulate Studio suite. “Embedded videos were crucial to communicating the danger—they really bring it home,” Helene notes. “And Articulate makes it so easy to work with videos. I never have to worry; I just know that videos will work like they should.”
In his videos, Kevin Mitnick shows how hackers can take control of your computer.
In the videos, Kevin Mitnick shows two screens. On the first computer, he opens a document emailed to him. On the other, he shows how that action kickstarts a hacker’s utilities in real time. Within seconds, the hacker tools nab the passwords from the first computer and take over its controls. After watching Mitnick’s demo in the course, InfoWorld security columnist J. Peter Bruzzese wrote, “I have to say the training series scared the bejeebers out of me, and this is coming from someone who has provided training and spoken often at conferences on this very subject.”
Articulate Studio software also helped Prometheus navigate an interesting design constraint. “We’re telling people, ‘Don’t just randomly click stuff on the screen,’” Helene explains. “We couldn’t give them activities that involved them clicking away, for example, on parts of an email that look wrong. We had to role-model ‘Stop clicking the screen!’ and that’s a real constraint for the kind of work we’re doing.”
The course highlights suspicious content rather than asking learners to click on it.
Combine that with conveying loads of information in an engaging, easily digestible way and it’s clear that the team at Prometheus had their work cut out for them. But the intuitive, robust tools in Articulate Studio software eased the way. “Articulate Studio played a crucial role in helping us build a course that’s clear, easy to understand, and readable,” Helene says. “The only other software we’d use to create a course like this is Articulate Storyline—and we’re doing just that for our consumer version of the course.”
The Storyline version of the course will convey information in a more pictorial way. “It’ll be more interactive and playful,” says Helene. “It’s for a consumer audience, which is a whole different world. Because Articulate Storyline really is limitless, we think it’ll be perfect for the project.”
And should folks who take the course (or require it at their companies) expect it to work? If the success of KnowBe4’s clients is any indication, then the answer’s a resounding yes. KnowBe4 sends phishing emails to its clients before and after the training to measure the training’s impact. It’s typical for 26 to 45 percent of employees at these companies to fall prey to KnowBe4’s phishing emails before the training. After the training, that percentage shrinks by 75 percent or more.
This Articulate Studio course dramatically changed employee behavior.
When asked what advice she would give on creating a course that’s as effective as this one, Helene doesn’t hesitate. “Think really hard about goals and objectives. In this course, we knew we had to focus on making people really understand the risks to have a prayer of changing behavior. That pretty much dictated how we designed everything.”