Cybersecurity + Learning
When we’re busy and stressed, things slip. At home, if the family has a lot of appointments and extracurriculars, they may put off sweeping for another day. At work, we might get to our monthly report late if the company is in a rush season. That’s fine for cleaning, or for an internal report. But anytime protocol is not followed in cybersecurity [1] practices, it leaves the company vulnerable. Private data can be accessed. The company servers become vulnerable to computer viruses. Depending on the situation, client trust and ethics can become compromised.
Cybersecurity is already becoming a more urgent need. In the first half of 2019, attacks on devices that transmit data wirelessly increased by three times [2]. Additionally, 63% of companies reported a potential compromise of data in the past year [2]. Cybersecurity is especially important during remote work. Employees are often working on their personal computers, rather than company-owned and protected computers. They often use VPNs and other tools to keep the outside out when they aren’t directly connected to company servers.
As your employees’ stress has increased due to the continuing health crisis and other ongoing and escalating national events, they are experiencing a state of mind that might make them susceptible to letting the little things slide. That can include cybersecurity. This article will present some ways you can keep your company focused on cybersecurity as remote work continues in many parts of the country and internationally.
Require Monthly Microlearning Modules
Cybersecurity training is often presented one time, as part of onboarding, and never repeated. Over time, learners forget the details. Monthly microlearning, in which each month learners complete a short module on a different aspect of a key topic, is a great tool for regularly refreshing learner knowledge.
This is a common tool in many industries for various safety topics. For example, many businesses in the food industry will require their employees to complete monthly microlearning modules on topics related to food safety and fire emergency protocol. At grocery stores, employees may complete modules about topics like alcohol laws and PPE use.
Cybersecurity is a matter of digital and data safety, so why not bring protocol to the front of employees’ minds with a monthly microlearning module?
Microlearning is a good choice for reinforcing cybersecurity practices is because it:
- Is short, so it doesn’t take up much time
- Can be completed on each individual’s own schedule
- Is a proven method for teaching hard skills
- Can be created by breaking up an already existing course, so it will be inexpensive and efficient to design
Some companies include quizzes at the end of each module. They offer learners extra incentive to pay attention by giving high scorers a reward or entering high scorers into a raffle for a gift card or other prize.
Create Cybersecurity Simulations
Simulations and scenario-based trainings ask the learner to participate in a fictional scenario based on real life. They have to make decisions and then are informed of the outcome—either positive or negative—of their decisions. Simulations can vary in complexity. They can be text-based, individual assignments. Or they can involve group work and use real-life tools in order to work through an example scenario.
Simulations can test your employees’ cybersecurity instincts. It’s easy to learn the best practices of how to prevent malware. But in their everyday lives, people frequently open emails from people they don’t know, visit illegitimate websites and perform other tasks that could make them vulnerable. Simulations can make employees aware of how their everyday decisions can compromise cybersecurity.
Simulations aren’t as unusual as you may think, and they don’t require high-tech solutions. For example, a fire drill could be considered a simulation. Just like most workplaces and schools have people practice safety through fire drills, you can have employees practice cybersecurity through digital safety drills.
A real-life company tested their employees by sending a fake “phishing” email to their work address. If the employees clicked on a link inside the email, they were redirected to a page that explained they just compromised the security of their computer. If they marked it as a scam, they were congratulated.
Employees who failed the simulation were required to complete additional training. They were then put on the list to receive another fake phishing email at a random point in time after that training. The knowledge that employees will be subject to additional training if they don’t play by cybersecurity rules can create an extra incentive for learners to follow best practices and protocol every time.
Invite A Guest Speaker
Hosting guest speakers is possible even when all employees are remote. Many companies and organizations are currently hosting such events by using live video. The advantage of having a guest speaker on a video conference is that the video can be easily recorded for later viewing. The video can even be edited and uploaded to your LMS as microlearning.
Guest speakers on cybersecurity may seem strange, but they are actually quite common and can be a great way to reach employees. Experienced guest speakers make cybersecurity, a pretty dry topic, fun and interesting. They often share compelling real-life stories about the consequences of not following best practices. Many people have not experienced identity fraud, or other serious consequences of being lax about internet privacy. But a compelling story can reach them on an emotional level that typical training material will miss.
A guest speaker is a particularly effective solution during this time. Many of us are experiencing boredom and our days are starting to blend together. Most people don’t have a lot of options for exciting activities. A company-wide guest speaker can be made into something of an event, which will add interest and increase retention of important information. Making it extra festive by giving employees funds to order lunch to eat during the speech, or having a digital raffle, will add excitement.
Retaining Focus Means Engagement And Repetition
The suggestions in this article are just a few of the options available for retaining a focus on cybersecurity during remote work. What it really comes down to is using methods that increase employee engagement with the material and give them the opportunity to revisit it on a regular basis. These two aspects will ensure your employees remember cybersecurity best practices, and therefore reduce the chance that company security will be compromised.
References:
[1] Training to Prevent Crisis
[2] Top cybersecurity facts, figures and statistics for 2020
