Why using humor in security awareness training can backfire

Are jokes ever appropriate in the workplace? Sometimes. But are they appropriate for cybersecurity awareness training? Definitely not. 
Jokes can make light of serious issues, offend and alienate colleagues, and make workplaces less inclusive for people with different backgrounds and experiences. It’s even more pronounced in the development and distribution of training content.
Recently, NINJIO CISO/COO Matt Lindley was tapped for a Brilliance Security Magazine piece on why cybersecurity training is “No Laughing Matter.” Matt explains that instead of making cybersecurity out to be a laughing matter as many training platforms have done, your company should approach it with the seriousness it deserves.
And it’s not just because of the awkwardness of experiencing a joke that does land. It’s also because the effects can actually be counterproductive and damaging to workplace culture. As the American workforce becomes increasingly diverse and an ever-growing share of employees (especially from younger generations) say they value inclusive workplaces, it’s vital for companies to recognize that people with different backgrounds and experiences have perspectives that don’t align with their colleagues. This recognition is particularly important when companies are teaching employees about a serious issue like cybersecurity, as it should inform the techniques they use to do so.
Effective cybersecurity awareness platforms need to bring employees together around the common goal of protecting themselves and the company, which means security awareness content should always appeal to all employees – not just the ones who happen to come from a certain culture. This is why companies should always be wary of humor in cybersecurity training – there’s no telling who will get the joke and who won’t.
If you have four minutes, head over to Brilliance Security to read the full article.