TACKLING EMPLOYEE TRAINING FATIGUE BY REIMAGINING IT
Recent statistics pointing to employee training fatigue, particularly in the context of IT and security training, highlight a growing concern about the effectiveness of training programs and their ability to adequately engage employees. This is not only true among the general population of employees, but also among IT staff members. One study found that 25% of IT security professionals are seriously considering leaving their jobs — 24% are considering leaving the profession entirely.
A related concern — especially as many organizations have transferred much of their learning and development (L&D) activities into the digital realm, is growing fatigue related to digital overload. This overload, along with a proliferation of communication channels, is leading to a drop in engagement with cybersecurity training — 45% say that this overload is reducing their ability to effectively identify and respond to cybersecurity threats.
That's a situation that organizations and their HR and L&D staff need to be aware of and take steps to address. Here are some ways you can improve your cybersecurity awareness training efforts to achieve better results.
Dare To Be Different
Most cybersecurity training — in fact, most corporate training, in general — tends to be all too painfully similar. The pandemic drove many training efforts online and there many stayed. There's a benefit in being able to access training on-demand, but there can be tedium too. While this mainstay format may be part of your training efforts, consider ways you might dare to be different when providing cybersecurity training.
Suggestions:
• Random, interactive polls in a competitive format with "winners" applauded and "losers" privately provided with personalized coaching.
• Pop-up news notifications challenges. When a breach occurs at an organization like yours, push the news out to staff along with a challenge question. For instance: "What steps could you personally take to help prevent something like this from happening at our office?" Share the best responses at an all-hands meeting or in the company newsletter.
• Provide training in tidbits. Arm managers and supervisors with brief key points or messages that can be shared in bite-sized pieces, quickly, during staff meetings.
• User-generated content. Get employees involved by challenging them to create brief TikTok-like videos highlighting important cybersecurity points in a fun and entertaining way. Offer prizes for the best/most liked content.
There are a variety of ways that you can think creatively about how to deliver security awareness training. While traditional training may still be your mainstay, think of ways you could enliven it by adding some additional, innovative, and interactive training options.
Consider how you might incorporate best practices into all your security awareness training efforts.
Best Practice Training Tips
Rudimentary forms of training can be traced back to prehistoric times. Corporate training also has a long history. R. Hoe and Company is credited with offering the first form of workplace training back in 1872. You'd think we would have picked up some good best practices over the past 150 years. And we have.
• Provide variety. Mix up your content delivery by incorporating a balance of lectures with interactive elements like quizzes, polls, group discussions, and simulations.
• Incorporate gamification. People like competition. Augment training with competitions, leaderboards, rewards, and prizes.
• Offer flexibility and variation. Employee learning preferences are varied; training offers should be, too.
• Make it visually appealing — and modern. Today's employees are used to consuming information in highly visual, often entertaining formats — think YouTube and Instagram.
• Make it relevant. Make sure it's clear to your employee learners why this information is important, and relevant, to them. Yes, it will benefit the organization. But what will they, personally, get out of it? Hint: employees have security-related concerns just like your organization does. How can this information help them protect their family data and devices?
• Make it personalized. Don't create a one-size-fits-all training course because one size doesn't fit all. For instance, the information required by the IT staff will differ from that needed by employees in the marketing department. Don't force them to consume the same information.
• Seek ongoing feedback from employees and managers to learn how training can be made more engaging and impactful. Do employees feel the training was relevant and enjoyable? Did they learn something? Are managers and supervisors seeing the information impacting behaviors?
• Track progress continually — not just learner sentiment about the training but actual organizational impact. Has security awareness improved? Have incidents lessened or have reports increased? Have specific goals related to your cybersecurity awareness training and measure against those goals. Share results with employees, and thank them for their efforts in helping to achieve goals. Enlist their support to close identified gaps.
• Commit to continuous improvement. Security awareness is a journey, not a destination. You will never achieve 100% success, but you can achieve incremental improvement over time.
Final Thoughts
Employee training fatigue is real. But it doesn't have to be a constraint on your training efforts. Think of ways you can approach training differently to better engage employees. What new methods and techniques will you implement to combat training fatigue?
2024-05-03T13:46:10Z dg43tfdfdgfd
