Let’s get one thing straight, you can’t successfully fight spam in your workplace without the help of a reputable anti-spam filtering solution. Without this, your organization will be inundated with spam.
But an appliance isn’t the only tool you can use to keep spam out of your inboxes.
Your users themselves can often be the best foot soldiers in this fight. In fact, any anti-spam solution worth installing will use information from the user base to make it more effective at stopping junk emails. Allowing users to tell it what is spam and what isn’t the appliance will learn how to better identify problem emails.
But before you can enlist your co-workers into your anti-spam army you have to ask yourself, “Can they really identify a spam message?” If your answer is no, then it is up to you to get them trained.
Developing a Training Program
Training your users is a proactive way to fight spam. But if it isn’t done properly, the entire effort could prove to be a huge waste of time.
But what makes up a good training program? Is it the content? The delivery? The percentage of people who pass or fail? Actually, it is a combination of all three – and more.
Before you start putting together a Power Point presentation to show off at your next staff meeting, spend some time planning your training session. Assess what is needed. Do you need to cover the basics first or can you skip into a more advanced topic? Is your audience highly technical or do they have trouble understanding the difference between a CD and DVD?
Finally, plan your training around the amount of time you have. Break it into multiple sessions if need be so you don’t try to cram too much information into a short amount of time.
Creating the Content
Make sure that your information is timely and accurate. You would be surprised at how many “training” sessions regarding technical topics actually present inaccurate information or statistics that are so old that they look like they were typed up on a Commodore 64.
Content should also speak to the learner. If you are training an office pool, then telling them about Bayesian filtering may be a bit too dry. Lighten it up a bit using humor like this video from Glove and Boots where they explain what Spam is, http://www.youtube.com/watch?v=gkBPxfJTjK8&feature=plcp.
Don’t forget to make sure that your content shows your audience that what they are learning is relevant to them and their job. Use case studies and stories from other companies to help emphasize this.
Trainings can either be delivered online or through live sessions. Online trainings allow your users to learn from their own desks, on their own time. Live trainings have the advantage of allowing you to connect with your learners and really address what they want to learn. However, it takes some specific skills to be able to get up in front of an audience and deliver a lesson to them. It is certainly not for everyone.
Regardless of what type of training you chose to use, make sure that you are not providing them with a slideshow of content that you are reading to them verbatim. This is not training, its story time so don’t be surprised if people start to take a nap.
Assessment should do one thing; tell you how well your audience learned what you were teaching them. It is not meant to make people look stupid, despite what your high school teachers may have ingrained into you.
Assessments, like quizzes or hands on activities, should be frequent and should provide feedback. Simply showing a person how many questions they got wrong does nothing more than hurt their pride. Tell them exactly why their answer was wrong and you have another opportunity to teach them.
Developing a training program for identifying spam is not easy. It takes a great deal of knowledge and experience to get it right. However, a solid training program can serve as the perfect complement to the shiny new anti-spam filter you just had configured. Remember, the best security is one that takes the layered approach; and education should definitely be one of the many layers.