A key step to any successful security awareness program is to regularly collect feedback and use that feedback to improve your program. In fact updating is stage four of the Security Awareness Roadmap. By constantly updating your program not only are you ensuring that it is current, but you keep the program engaging. With the end of the year approaching this is the perfect time to collect such feedback. Here is a simple but effective way to do it.
Create a survey with four simple questions. By keeping the survey short, you are far more likely to get people to respond. To sweeten the story, announce you will enter the name of everyone that responds into a raffle for something like a Kindle Fire or iPad Mini. Prizes like these are a low cost way to motivate people to provide the valuable feedback you need. As for the four simple questions, this is what I recommend.
- What did you like best about this year's security awareness training and why did you like it?
- What can we improve and how can we improve it?
- What one thing did you learn in this year's awareness training that you did not know before?
- How did you change your behavior as a result of what you learned?
Questions #1 and #2 are common in any survey, but prove insightful and helpful. However questions #3 and #4 are where you can get the most benefit. Remember the ultimate goal of any awareness program is to ultimately change behavior and these last two questions hit that nail on the head. In addition, not only can this feedback be used to improve your program but these responses can demonstrate to senior management the impact your program is having. Feel free to modify the survey anyway you like. The one thing I have learned is keep the questions open (i.e. no "Yes" or "No" questions). By keeping the questions open, you will always surprised by the feedback you get.