Rethinking Cybersecurity Training

Aug 18, 2023 | Cybersecurity, Gamification

IT leaders need to rethink how they train teams.

IT leaders’ biggest mistake is using the lowest standard (annual) for required cybersecurity training to keep their teams and organizations safe. Training in cybersecurity must be more frequent, engaging, and part of the daily routine to reduce the risk of a successful cyber attack.

Man on computer attempting to log into a virtual private network.

Photo by Dan Nelson on Unsplash

Low cybersecurity training standards leave you at risk

Traditional training in any topic given in a large block of information is quickly forgotten without reinforcement. With cybersecurity, the problem is amplified because the subject is scary and not fun to learn about. Ninety percent of cyber incidents can be traced back to human error. It is the most significant single factor in a cyber incident or breach. And only 20 percent of training information is remembered after 30 days without reinforcement, according to the research of Hermann Ebbinghaus. Traditional training must change, especially in areas as critically essential as cybersecurity.

Cybersecurity is a people problem, not a hardware problem. Investing in training the end users or people within an organization is how to create a culture shift where everyone sees themselves as part of the security team and human firewall in protecting the organization. The organization demonstrates cybersecurity is important to the company by providing more frequent training.

Employees working on desktop computers, possibly doing cybersecurity training on Drip7

Photo by Israel Andrade on Unsplash

When it comes to cybersecurity, IT leaders can train their teams better

Microlearning is a technique proven to increase retention and improve results. Organizations worldwide are learning that breaking up their training into smaller, bite-sized drips of information enables the learner to retain more information and increase the usage of the information learned. By shifting an organization’s learning to microlearning, workers of all ages feel heard, and the burden and time drain of long trainings, which are often ignored, is being replaced with a format that fits better into the mobile digital work life. Microlearning allows the importance of cybersecurity to be kept top of mind and helps employee behavior shift accordingly.

Gamification can also easily be tied with microlearning to increase engagement and interest and allow for positive reinforcement or rewards.

Learning in a corporate or business environment needs to shift to a shorter, more integrated approach by using microlearning and gamification as cornerstones for training, securing, and engaging the workforce. There are tools now to allow both large and small companies the ability to shift their training to microlearning.

By shifting to microlearning, organizations can more easily adapt to the changing environment and needs. Cyber attacks that are seen one week can be pulled into trainings and deployed the next week. Adapting to current changes is essential to maintain a strong security posture. Training should not be pulled off a shelf year after year and repeatedly used – there are platforms and tools now to help organizations retire this old training mentality.

Register for a demo of Drip7 now

Person on cell phone, possibly doing online cybersecurity training with Drip7.

Photo by Paul Hanaoka on Unsplash

Steps IT leaders can take to avoid future mistakes

As bad actors in the IT world adapt and become more sophisticated, organizations need to grow and adapt quickly to the changing attacks. According to the research of Hermann Ebbinghaus, only 20 percent of training information is remembered after 30 days without reinforcement.

Incorporating microlearning and other forms of regular reinforcement will bolster a collective mental shift to keep cybersecurity top of mind and critical skills ready as the front lines of defense. Keep training positive, playful, and not punitive. If you’re resorting to phishing tests as training, immediately ensure the user is rewarded or retrained with correct guidance as part of a continual learning loop.

Woman on a smart phone, possibly doing online cybersecurity training with Drip7.

Photo by Daria Nepriakhina on Unsplash

Take a generational approach to cybersecurity training

More than four generations of workers are currently in the active workforce. As the Baby Boomer generation ages out of the workforce and younger generations that are more digitally engaged replace them, it is important to consider how we train. Understanding how generations use and learn technology is important for any organization. Using rewards-based and gamified microlearning will help keep essential learning top of mind and more retained by employees no matter what their generation. Millennials and GenZ are tech-savvy but not necessarily cyber-savvy. Shifting the way we teach all our workers will help to endure a common understanding of the correct cyber principles that are the core of any organization’s cyber defense.

Two women talking and looking at a desktop comptur.

Photo by LinkedIn Sales Solutions on Unsplash

Contact us to learn more or to get started!