What is it about?

Have you ever wondered how to provide more engaging and useful forms of cybersecurity training for employees in organisations? We designed two anti-phishing trainings, group discussion and role-playing, and measured their effectiveness with both self-reported and behavioural responses.

Why is it important?

* Role-playing is fun, engaging, and effective. Organizations can easily deploy our designed trainings with our supplementary materials.
* Group discussion is an effective way to learn from colleagues' experience and to promote safe responses to phishing attempts. It's important to discuss incoming attacks with colleagues and IT staff and to report them.
* Measuring training effects beyond the immediate assessment is important. We observed an increase in self-efficacy scores in the role-playing training condition 7 days after the training, in comparison with the immediate assessment.

Perspectives

* Human-to-human interaction can effectively improve the security of human-computer interaction.
* Intervention studies should compare training effects both within groups (beyond the immediate assessment) and between groups (by adding a control group).
* Longitudinal study designs might be a replacement for deceiving participants in social engineering studies.
* Role-playing as hackers is an effective and enjoyable cybersecurity training approach.

Xiaowei Chen
University of Luxembourg

Read the Original

This page is a summary of: The Effects of Group Discussion and Role-playing Training on Self-efficacy, Support-seeking, and Reporting Phishing Emails: Evidence from a Mixed-design Experiment, May 2024, ACM (Association for Computing Machinery),
DOI: 10.1145/3613904.3641943.