Acknowledging a written security policy does not insure remembering the policy. How quickly is short-term memory lost?
Take a look at the following graph. This was developed 140 year ago and remains true today.
The "forgetting curve" was developed by Hermann Ebbinghaus in 1885. Ebbinghaus memorized a series of nonsense syllables and then tested his memory of them at various periods ranging from 20 minutes to 31 days. This simple but landmark research project was the first to demonstrate that there is an exponential loss of memory unless information is reinforced.
Stahl SM, Davis RL, Kim D, et al. CNS Spectr. Vol 15, No 8. 2010.
After just 2 days, only 25% of the training material is typically retained!
You can raise that to 90% practicing the 3-R’s of Training:
Look at what happens to training effectiveness!
You’ve increased the effectiveness of your security training by 90% and reduced the risk of security breaches in your organization.
95% of the security breaches that occur are attributable to the human factor* - the weakest link in your security chain. People must be your first line of defense. Security training should be repeated in a manner that insures long term retention. That means more than a once-a-year signoff of a written policy.
To retain any information we must refresh it periodically – period. You will forget it after a very short time if it is not repeated. On the other hand, if you encounter this information repeatedly, you will remember this information for a much longer time.
Repetition is the key to preventing security breaches.
* Source: IBM’s white paper, Security Services 2014 Cyber Security Intelligence Index.
Continue reading to learn more about how Visible Statement can help your business improve its security.