Probably one of the most complicated and unpredictable components of business security is managing the human element. In business security, people are both an asset and a liability. And they have a way of ruining even the best security plans.
You may invest in a sleek new key control system, roll it out business-wide, and then a week later find out that everyone is just sharing PIN codes and ignoring alerts. There’s not much point in rolling out a whole new security system if it’s just going to go underutilized. At best it will be a waste of money. At worst a source for even more risk.
In our experience the root problem when something like that happens is often just a lack of training. People need guidance when you introduce new ideas and technologies into their work environment. And they need to understand the value that these systems bring to both the organization as a whole, and to their individual workdays. A structured training program is usually the best solution for achieving these goals.
The thing is, while security professionals are experts in their own discipline, many don’t have a lot of experience training non-experts on security technologies or security-minded work practices. So we’ve pulled together the 6 most important best practices you should follow when designing and running a training session. Applying these will help ensure that your organization gets the most value out of any new security system that you’ve spent a lot of time, effort, and money to implement.
1) Have a Written Agenda and Stick to It
If you’ve never conducted a training session before it can come as a surprise how easy it is to forget even major topics when you’re standing in front of a group of people. Even when you’re teaching a subject that you’re an expert in.
Always outline a training agenda that includes every topic you need to cover and the key details of each. If you’re doing a presentation in your training this becomes easier. Simply make sure every key point has its own dedicated slide, even if it’s just a one or two word title. These will act as a visual reminder for each essential topic as you’re working your way through the presentation.
2) Make it Specific
Make sure your training is specific to your organization and the actual tools and technologies that you use. One common mistake we’ve seen security professionals make is running training sessions that are too vague. They might talk about perimeter security and the concept of access control, instead of talking about how to authenticate contractors at the facility’s western entry point due to past breaches.
To that point, also be transparent about past security challenges where you can. Staff are much more likely to retain the procedures you teach them when they understand the real world impact it can have. For example, hearing the specific number of past thefts of business and personal electronics will make staff much more receptive to learning how to use a smart locker system.
3) But Keep it High Level
Build your training sessions around the fundamental security principles that you need staff to follow. Teaching a lengthy to-do list that needs to be carried out consistently by memory is not ideal. Unless you’re in a high security setting where staff are able and expected to travel with comprehensive checklists, your organization’s security is going to depend on staff simply remembering to carry out their work securely day-to-day.
Fundamental principles are easier for staff to remember, and are broad and flexible enough that they will see many ways to apply them in their day-to-day lives. So taught properly, a principle like ‘protect the means of access’ could remind staff to both be accountable for physical key security and not leave written passwords sitting on their desk. The principle applies to both.
4) Use Practice Scenarios
While lectures are great ways to share large amounts of information quickly, not every student learns well just by listening. Many engage and retain procedures much better during practice scenarios. Make sure to include hands-on, practical experience scenarios in your training agenda.
When you break out into practice sessions, use real-life scenarios that your staff might encounter on the job, or recreate past security incidents that have occurred at your organization. This is important even if you’re just teaching staff how to use a new product. For example, if you’re training staff how to use a new key management system, have them practice signing out and returning keys, as well as using any custom applications or checklists that you’ve built into your access control panel.
And pay attention to student questions, particularly during these practice sessions. If you notice a pattern in their questions, that might be a sign that you may not have covered a topic in enough detail. Or there may be a security concern that you hadn't understood from the front-line staff perspective.
And ideally not just annually. Remember, people may be a liability, but with training, repetition, and understanding, they’re more likely to become your best security assets.
If you have specific threat scenarios that your organization is concerned about, conduct ‘live fire drills’ where the relevant staff practice handling them directly. Then conduct an after action review to determine what portions of the drill went well, and what didn’t go as planned. Why didn’t they go as planned? What could be modified in the plan to handle them better next time?
6) Then Lead by Example
A solid security program requires more than just front-line staff to execute. Management and executive leadership also both need to take an active role in developing a ‘security first’ mindset for your organization. When front-line staff see leadership taking ownership over the business’s safety, then they’re more likely to take part too.
As you gain more experience training staff make sure to periodically revisit your training agenda. Business and security are both constantly evolving, so you need to make sure that your training is always up to date with the latest changes in your field.
Do that, follow these 6 best practices, and your training sessions are sure to deliver the maximum benefit for your students and your organization.
About the Author
Shannon Arnold is the VP of Marketing and Strategic Partnerships at Real Time Networks.