To provide an effective Security Awareness Training program, the training must be localised to capture the attention of all employees.
English has traditionally been the language of technology simply because of the early influence of Silicon Valley in the USA. However, we have come a long way since those early days, and now technology is global.
It is well-established that making Security Awareness Training fun is essential. However, there is more to effective Security Awareness Training than fun and games.
People need context and connection at a local level. Humans are born into and live within cultures. These cultures significantly impact how we see the world and interact with it: cultures and places shape us as individuals. Culture informs and influences us, and it comprises an entire society’s traits, history, and language.
Integrating a localised approach to your Security Awareness Training program is a great idea; here are three reasons this is so.
Three Reasons to Use Localised Security Awareness Training
Security Awareness Training is most effective when it engages your staff. But engagement is not a one-size-fits-all type of scenario. Engagement needs a mix of contextual, personalised, and fun scenarios.
If you are an organisation that has a global workforce, you need to look at how best to engage that workforce. For example, a Security Awareness Training program that does not take non-English speakers or employees from other cultures into account may be less than adequate; the result is gaps in your cyber security awareness that put your company at risk.
Here are three advantages to localising your Security Awareness Training:
Localise the Content to Better Engage Employees
Your organisation may be a large, multi-national company or part of a broader, global supply chain; if so, you will likely have employees or contractors from countries worldwide. Many may also be non-English speakers or use English as a second language. Therefore, any training, including security awareness, is best served in the native language of the learner.
During the early stages of cyber security training program design, create an inventory of your audience locality:
- What countries are your employees based in?
- What languages are spoken?
- Are there any specific cultural norms that may affect language and how employees interact with tech?
The answers will help to build a more effective training program. For example, the MetaCompliance Security Awareness Training platform comes in 40+ languages, with more planned. Having this wealth of localisation support makes delivering localised security training content easier. It is also more likely to engage your employees alongside the fun and games built into advanced cyber Security Awareness Training platforms.
Localised Content Will Help Prevent Targeted Cyber Attacks
Phishing and other forms of social engineering attack work best when they are tailored to their target. For example, phishing emails that target a specific employee role, such as HR or accounts payable, will be written to capture that person’s attention using particular language and content.
Business Email Compromise (BEC) attacks are renowned for using roles and targeting individuals using the type of common language they would expect in an email. In the same way, a fraudster targeting people in a country will compose the phishing email in the language of that country.
Phishing emails are not just created for English speakers. There has been a surge in phishing emails that use languages other than English. A study from Google and Stanford University proves this. The study looked at 1.2 billion email-based phishing and malware attacks against Gmail users. Fraudsters who target users from non-English speaking countries will often use the native language of that country. One of the starkest examples in the study was that 78% of phishing emails targeting Japanese users were composed using the Japanese language.
If your end users are dealing with localised phishing emails, your phishing simulations and training should reflect this. Localised training in the employee’s language will be more likely to educate them in the tricks of phishers successfully.
Native Language Emails May Bypass Technological Measures
Email and web content filters are configured to spot malicious links or attachments or stop navigation to spoofed websites. They typically do this by setting up blocklists or looking for known words used in phishing emails.
These measures are usually based on the English language. Native language phishing emails are more likely to evade these measures because the filtering system is not set up to deal with non-English phishing attacks.
By adding native language support to a Security Awareness Training program, you can ensure that native language emails that evade detection by technology do not evade detection by a human being.
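The coverage gap described above can be measured before it is relied on. The following is an added example, not part of the original article or any vendor's product: it runs a keyword rule set over sample subject lines and reports, per language, how many are flagged with English-only rules versus localised rules. The keyword lists, sample subjects and function names are all constructed for illustration.

```python
import unicodedata

# Constructed keyword lists for illustration; not any real product's rule set.
KEYWORDS = {
    "en": ["verify your account", "password expired", "urgent payment"],
    "de": ["konto bestätigen", "passwort abgelaufen", "dringende zahlung"],
    "ja": ["アカウントを確認", "パスワードの有効期限", "至急お支払い"],
}

# Constructed sample subject lines, labelled with the language they are written in.
SAMPLES = [
    ("en", "Action required: verify your account today"),
    ("de", "Bitte Konto bestätigen, sonst wird Ihr Zugang gesperrt"),
    ("de", "DRINGENDE ZAHLUNG erforderlich"),
    ("ja", "【重要】アカウントを確認してください"),
    ("ja", "ｱｶｳﾝﾄを確認してください"),  # half-width katakana variant
]

def normalise(text):
    # NFKC folds half-/full-width variants; casefold gives caseless matching.
    return unicodedata.normalize("NFKC", text).casefold()

def matched_keywords(subject, rule_languages):
    """Return (language, keyword) pairs whose keyword occurs in the subject."""
    text = normalise(subject)
    return [(lang, kw) for lang in rule_languages
            for kw in KEYWORDS[lang] if normalise(kw) in text]

def coverage(samples, rule_languages):
    """Per sample language, count (flagged, total) under the given rule set."""
    result = {}
    for lang, subject in samples:
        flagged, total = result.get(lang, (0, 0))
        hit = 1 if matched_keywords(subject, rule_languages) else 0
        result[lang] = (flagged + hit, total + 1)
    return result

if __name__ == "__main__":
    print("English-only rules:", coverage(SAMPLES, ["en"]))
    print("Localised rules:   ", coverage(SAMPLES, ["en", "de", "ja"]))
```

Running the same report against the languages listed in your audience inventory shows where filtering is thin and where training has to carry more of the load.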
Native Language Security Awareness Training Delivers People-Centric Security
Using localised cyber security training is part of a wider people-centric approach to information security. By deploying people-first training programs localised in the language of your end users, your organisation will be more effective in engaging your employees in training.
Your organisation will reap the rewards of this with a more informed workforce who understands how cybercriminals manipulate their behaviour. Ultimately, this will de-risk your company and prevent cyber attacks.
Language matters, and any tactic that improves employee engagement with Security Awareness Training materials is fundamental in creating a security culture and fighting the onslaught of cyber attacks across industry and the world.