5 Ways to Create Impactful Cybersecurity Training
Figuring out the right amount of time and topics to cover along with the frequency of security training can be tricky. Often, security professionals are told to create training that is fun and enjoyable for colleagues. While engagement is an important metric to track, it doesn’t mean that people learned from the training or that it reduced risk for the organization.
In this blog, we’ll go over how to create impactful, relevant and applicable training that enhances learning retention without the need of games to keep people engaged.
Understanding Where People Need Help
To create training that addresses learning gaps you need to understand areas where people excel and areas they can improve. You can analyze phish that are frequently reported and pull results from real attacks that have been targeted at your organization, or you can also ask your colleagues where they need help through knowledge assessments. Knowledge assessments can be surveys, quizzes or short questionnaires where you supply questions that you want answered and ask open ended questions to see if there are additional areas folks are struggling with.
Once you get the results, training can be tailored to the areas where people are weakest; and if they are strong in an area, they can quickly be presented with information that meets compliance needs but doesn’t require too much time.
How to Ensure Training is Retained
German psychologist Hermann Ebbinghaus conducted tests to study memory over various periods of time. His study found that 80% of learning is lost within the first 48 hours. Following this discovery, he identified certain factors that contribute to memory loss. First, the stronger the memory, the less likely someone is to forget it. This is why training should be impactful and highly relevant to the individual learner.
Second, he found that information is retained more when it’s based on information the learner already knows. Spacing education throughout the year helps an individual retain what they’ve learned. It’s also why many organizations have annual refresher training.
Third, interactive and clear education helps with learning retention, which is why having a quiz at the end of a course and using simple terms to explain more complex subjects helps people remember what they’ve learned.
5 Ways to Create Impactful Cybersecurity Training
When it comes to cybersecurity awareness training, you want to ensure that training is remembered. Use these 5 guidelines to boost engagement and increase learning retention:
1. Length
Training that is too long can leave people feeling bored or uninterested. But training that is too short can leave people feeling confused or that they need more information. You should aim for training or educational content to be precise, relevant and applicable. Only include information that is relevant to the people taking the course and that will help protect them and the organization.
Beauceron Tip: Micro learning courses are a great way to keep people engaged since they’re short and contain only the essentials needed the understand the subject.
2. Relevance
Nobody wants to engage with content that has nothing to do with their role or that they simply can’t relate to it. Sometimes creating courses for the entire organization just doesn’t work. People who work in different divisions or have specific responsibilities may need special training that identifies their specific exposure to risk. When assigning training, consider what information certain individuals or departments have access to. If someone doesn’t need to know about a specific risk – don’t assign them training on it!
Beauceron Tip: Beauceron Security’s Reel Time Remediation makes it easier to deliver impactful and relevant training when it’s needed most. Take advantage of just-in-time learning to create a dynamic learning experience when someone clicks on a phish. Situation-based education improves learning satisfaction by addressing specifically why the individual clicked on a phish and automatically creates, tailored, customized content specific to the individual learner.
Interested in learning more about Reel Time Remediation? Chat with a member of the Beauceron Pack: https://meetings.hubspot.com/catherine-crawshaw/get-started
3. Format
You don’t have to rely on games for cybersecurity learning. To create impactful and relevant content, consider how people at your organization learn best. Are they mostly audio learners? Visual learners? Sending out a quick survey to identify how people learn can help you determine how to communicate security best practices and updates.
Beauceron Tip: You could spend a lot of time creating games that may momentarily boost engagement – but if the content isn’t retained – it isn’t reducing risk for the organization. Try instead to add some visual elements like screenshots, fun graphics or images to your content to help keep engagement up.
4. Complexity
Your colleagues don’t need to be cybersecurity masters to protect themselves and the organization. Be conscious of techy terms and try to write plainly to ensure that your message is being understood.
Beauceron Tip: When introducing new terms or concepts, include a definition and an example to help with learning retention.
5. Frequency
Training that is too spaced out can lead to people forgetting what they learned. But training that is too frequent can lead to frustration and takes people away from their assigned tasked. We recommend quarterly training to ensure that cybersecurity remains top of mind without taking people away from their assigned tasks too frequently.
Beauceron Tip: Schedule training so that it can be automatically delivered at the frequency that works best for your organization.
Interested in Learning More?
In our 2023 Annual Report, we provide examples of how you can create impactful, relevant and applicable training that enhances learning retention.
Download the report to learn how you can provide the right education, at the right time and effectively reduce cyber risk: https://content.beauceronsecurity.com/state-of-cybersecurity-awareness-report
