A Thirteen Year Technology Use Study Highlights Surprising Results
More often than not, businesses train their employees on how to spot different types of technology related scams. Training is conducted through a series of steps that outline important items to look out for to avoid the danger our technology brings. But, the study, “Technology Use: Conceptual and Operational Definitions,” written by the University of Oklahoma, is suggesting something different. Training users not only lies in teaching how to identify the signs, but why identifying those signs are important.
Throughout the course of the study, researchers at the University of Oklahoma worked with over 1,200 students throughout thirteen years of research in an attempt to find the best methods to deliver IT training to non-technical users. The users involved with the study were unaware that researchers were testing numerous methods in which to teach the skills (rather, they were simply aware of the fact that they were receiving basic IT training skills).
Method One – How to Identify Scams
Different variables were tested throughout the research period, one of those methods being the traditional method most businesses employ today: teaching users how to identify key elements of technology scams, whether it be phishing emails, online scams, etc.
Most IT trainers will focus on delivering specific steps to take to avoid being trapped in scams. As an example, training sessions may occur as follows:
Steps to Take to Avoid a Phishing Scam
- Look Out for Email Addresses that Are Slightly Off
- Look Out for URLs that Don’t Match the Destination
- Always Call to Confirm Emails that Ask Sensitive Financial Questions
Users will then be promoted through a series of tests to see if that knowledge stuck. Horrifyingly enough however, according to another study, 78% of users claimed to be aware of phishing scams and how to spot them, but still clicked anyway.
Researchers found that although this method is very useful and is still needed, there is a disconnect between the user and the content they are learning.
Method Two- Why Spotting Scams Are Important
The findings discovered in Method One led researchers to develop another form of teaching: users are taught why identifying and fighting against technology scams is so important. They called this method of learning “mindful” teaching. Within this method, users received explanation as to why these scams were dangerous, what impact they can have, and how it can affect a company as a whole.
As opposed to the example above, an example of this method would include the following:
- Insights Into Phishing Attacks
- What Types of Attacks Occur
- What Hackers Are After
- What Happens When Businesses Fall Prey
Now look back at example one. You can see the approach is very different.
What Researchers Found
By examining all of their case studies, researchers found that out of the two, the users who employed Method One (the How-to Identify method) were more likely to fall prey to attacks than those who employed Method Two (the Why method). In many cases, those who employed method one were much quicker to make a decision about whether or not something was a scam, and they often chose the wrong answer. Those who employed the “mindful” method thought longer and harder about the decisions that they made, and asked more questions when it came to identifying scams.
Method Three – Putting It All Together
Although research shows that Method Two is a great approach, it does not negate the value of Method One. Here at zbrella Tech, we’ve trained our fair share of our client’s users, and we’ve discovered that the best method is this: teaching users how AND why to identify technology scams. By combining the two different methods, you are offering users an arsenal of knowledge to combat the very real threats that they face daily.
Remember this: your users are your first line of defense against an attack in your office. Without giving them proper training and a full understanding of the threats they’re facing, they will be defenseless. Teach them just how to spot an attack, and they won’t care why. Teach them only why, and they won’t know how to defend themselves. Teach them both, and they’ll have the know-how and why to protect your business, your data, and your livelihood.