How to Engage Employees in Cybersecurity

Aug 16, 2023 | Cybersecurity, Gamification, Microlearning

The following cybersecurity article was written by Founder and CEO Heather Stratford.

A woman does cybersecurity training on her smartphone while in the office breakroom.

Cybersecurity is here to stay and is a critical component of what every employee needs to understand better. Both large and small companies are struggling with how to better engage their workforce in knowing what to do at what time and having employees care enough to change behavior.

Creating Loyalty and Engagement

My father was what they called a “lifer” at General Electric. He was hired out of a prestigious university to go to work for General Electric at their headquarters in Schenectady, New York. He stayed with GE until he was 55 years old and retired. Gone are the days of “lifers.” Today, employees see a job as a short-term place to earn a wage, learn a skill, and then move on. Resumes of the Millennial and Gen Z Generations are not kept to one page. Resumes from the younger generation are filled with four months working here and six months working there. They are long and scattered and fill pages because of how many jobs they have had. The problem with this shift in worker culture is that there is less loyalty to any one company and a lack of feeling like the employee is part of the “family” and truly part of the company long-term.

Jack Welch was the CEO of GE when my dad was an employee. His statement is as true then as it is today. The first thing he emphasizes is employee engagement. It all hinges on that.

“There are only three measurements that tell you nearly everything you need to know about your organization’s overall performance: employee engagement, customer satisfaction, and cash flow. It goes without saying that no company, small or large, can win over the long run without energized employees who believe in the mission and understand how to achieve it.” Jack Welch

Feeling Temporary

When employees feel like they are temporary, they don’t feel obligated to work as hard and care about small things like rules and annual trainings. They also feel that if things become too burdensome, they can just leave the job rather than working through an issue or trying to become part of the solution to change the culture.

“Engaged employees stay for what they give, while disengaged employees stay for what they get.” Terrie Nolinske

Inclusion in Decision Making

The key to engagement within today’s society is giving employees more input and say into how they can be part of the organization. This is even true when it comes to the various trainings a company mandates.

When choosing a vendor for training, I see some organizations now asking a diverse workforce cross-section their opinion on which vendor to choose. The vendor is not just chosen on price or the recommendation of one person or department. People want to feel like they have a say in the requirements and how things are implemented.

Using Gamification in Cybersecurity Training

Employees also like to see where they are in relation to others in the organization. Today’s cybersecurity and compliance training needs to provide elements of gamification to help encourage engagement. Individual tracks of learning based on job roles, as well as leaderboards for departments and divisions to measure and evaluate themselves, are all helpful tools for engagement.

Two women on laptops complete their company's cybersecurity training. They are smiling and enjoying the process.

The Seven Types of Learning Modalities

There are seven different types of learning modalities. When different types of training are employed, an employee will feel more connected to the content. A solid cybersecurity awareness program will likely have “drip” training for continual dispersement of content, monthly checks, monthly lunch and learns, monthly prizes and recognition, quarterly games, and special events, and a focus on all employees, from the board members to the front desk receptionist.

The Four Key Factors for Engagement:

There are four key factors to creating engagement around mandatory employee training.

  1. Use multiple forms of teaching
  2. Individual tracks of learning
  3. Group measurement and encouragement (gamification)
  4. Microlearning or consistent training throughout the year

All employee training should implement these factors, especially cybersecurity and compliance training.

Training is Key to Knowing What to do When

Many companies have a brief day of onboarding for employees. The problem is that we don’t learn if we hear something only once. The Ebbinhauser Forgetting Curve talks about how we need to have reinforcement of materials to prevent the decline of retention over time.

Successful employee training provides consistent learning opportunities that reinforce valuable concepts. Doing so with cybersecurity training ensures your team will know what to do when, as it relates to the security of your company.

Adding it All Up

By creating a place where employees feel valued, allowing employees a say in corporate training, including the four key factors of engagement, and utilizing repetition, your cybersecurity preparation will be built on a good foundation.

For a free demo of our platform, click here.