World Book Day (Thursday 5 March 2020) encourages people across the globe to help 'share a million stories'. Marked in over 100 countries, the campaign aims to 'celebrate stories and love reading', particularly for children and schools.
However, cyber awareness schemes can take a leaf or two out of this charity's book, as storytelling can prove to be effective in cyber training. Professor at Harvard University Dr. Howard Gardner says: “Stories constitute the single most powerful weapon in a leader’s arsenal.”
But what is it about stories that make them so constructive? Laura Holloway, founder and chief of The Storyteller Agency, explains: "Storytelling offers the opportunity to talk with your audience, not at them".
Rather than lecturing employees about the risk of cyber threat, which can instil the unproductive fear factor, organisations ought to tune into the power of storytelling.
Thom Langford, founder of (TL)2 Security Ltd, shared some wisdom on this topic at teissLondon2020 : “Stories are important to us as security professionals, because, to be blunt, we’re normally really bad at putting across information to people who are not security professionals".
Cyber security training sometimes takes the shape of an annual tick box exercise, which is rarely engaging or memorable. However, Thom adds, "When people experience things, they create a visceral response in their bodies and they start to remember things".
As author and social psychologist Aleks Krotoski says: “Stories are memory aids, instruction manuals and moral compasses".
In his talk, Thom mentions the equation: Value + Story = Experience. He explains: "value (the knowledge you have and wish to impart) plus story (the best way of imparting the value) equals experience (the memorable thing that allows people to absorb the information you are sharing).
“Storytelling is as old as time and it doesn’t matter if it’s a short story or a longer story, what’s important is that people learn, understand and then are able to impart knowledge onto others.”
1) Repetition: In terms of cyber awareness learning, effectiveness is directly correlated to regular updates and reminders, which use varied techniques like animations, games, lunch and learn sessions and competitions.
2) Quality of meaning: Being able to absorb information depends on the relevant, meaningful connections you make between what you already know and what you have just heard. This is where stories and narratives are vital in making learning engaging.
The report suggests effective cyber training can be implemented through:
- Good leadership - stories can help leaders not only understand that they have a problem, but feel that they have a vital role to play in protecting data and staff, within the framework of their organisation
- Reinforcing the message - Memories are fragile, so always evolve the learning techniques, and keep them interactive
- Accommodate different learning styles - Use a mix of games, animations and videos to adapt to all different people's learning styles
- Use every means at your disposal - React to the latest attack stories and how they can affect your people, identity 'champions' and mentors' to help build a powerful learning culture
- Storytelling - People remember stories more readily than dry facts, appeal to people's hearts and talk about personal and professional consequences
Director of the International Storytelling Center, Jimmy Neil Smith, says: “We are all storytellers. We all live in a network of stories. There isn’t a stronger connection between people than storytelling".
Cyber security awareness and training can most certainly benefit from this idea.