Last week I mentioned reading Freakonomics, specifically about how difficult it is to educate people to the point where they change theibehavioral.
As a trainer, and IT guy, I cant help but wonder what kinds of things we assume are “training issues”, when in fact all the training in the world won’t change things. Think, for example of all the money and time spent teaching employees about data and network security, and yet we see that these same people can easily be socially engineered to do things that go against all of that training.
We see stories like this all the time. I am sure that the manager has been educated to not do this, but put in an abnormal situation, and he reverts to a natural instinct to be helpful. I’m not sure we can train that out of him, especially when it’s not immediately obvious that there’s a personal risk to himself.
When we spend a lot of time training, whether it’s for security, or just teaching people how to use software, if it involves a change in how they work, we are going to have to make it personally beneficial to our students if we really want it to stick. It’s obvious that without that, we won’t see a change in behavior.
Maybe we should be spending much more time working on security systems that depend less on the proper behavior of our users as well.