Micro-learning has been proven to increase security awareness and retention
Regardless of company size—whether a large enterprise or small mom-and-pop shop—being the victim of a cyberattack is a real, potentially devastating threat. With major breaches including Equifax and Marriott/Starwood in the rearview mirror, and the many to inevitably come in the future, it has never been more important to arm employees with proper security education and training.
It’s common to view employees as the weakest link in an organization’s security defense, but businesses cannot blame their employees for a breach if they didn’t properly prepare them for the possible threats. This raises the question: How can you properly prepare employees? Hourlong meetings discussing cybersecurity best practices can become tedious and ineffective. And when there are pressing tasks to do, there simply aren’t enough hours in the day to complete long training sessions, nor will employees retain all of the information they need to learn.
This is where micro-learning comes in.
What is Micro-Learning?
Micro-learning is the concept of providing relevant, targeted and tailored training with the overall goal of memory retention and behavior change. When it comes to cybersecurity, micro-learning can be aimed at providing employees with the tools necessary to spot a threat without burning through the workday. Through this targeted approach, employees can become well-versed in whatever topics organizations would like to focus on, in just a fraction of the time.
In addition to being cognizant of employees’ time limitations, micro-learning is considered more effective long-term, especially when approached in a repeated and ongoing fashion. These trainings are also self-paced, meaning employees can start and revisit modules based on their schedule.
Human Beings = Human Error
When organizations are faced with a cyberthreat, employees cannot be blamed if they were never given the proper training to know how to handle it. More often than not, attacks are a result of a company not training its people appropriately. Human beings are prone to error, and when it comes to cybersecurity, one wrong click can be detrimental. This alone should underline the need for companies to provide more cybersecurity training to their employees.
While cybersecurity can seem like an IT-specific issue, it should be a priority companywide. The best way to encourage a business culture change to one that cares about cybersecurity is to train and test employees on what best practices look like. It is also important for organizations to remember that not all employees are the same, and the basic understanding of cybersecurity can vary. Although cybersecurity knowledge is not a one-size-fits-all situation, companies can tailor training based on department to make it more relevant and successful.
Phishing: A Micro-Learning Opportunity
One of the largest cybersecurity threats employees and companies face today is phishing. According to the “2018 Verizon Data Breach Investigations Report,” 93 percent of successful security breaches start with phishing.
Oftentimes, successful breaches are a result of someone with compromised credentials. However, there are a host of ways cybercriminals can use phishing—and unfortunately, these attacks continue to evolve, becoming more sophisticated and more difficult to detect. This alone is the reason that companies need to be aware of trends and changes in the threat landscape.
With the assistance of micro-learning, organizations can create simulations and test employees based on department and industry. These targeted test attacks allow companies to spot individuals who are likely to click on a phishing email, and help employees learn from their mistakes before it’s the real deal.
The Return on Micro-Learning
It’s important to understand that the results of micro-learning and security awareness training will not be immediate, but there is an overall and cumulative benefit to a business’s bottom line. After all, training and education take consistency over time to change behavior. In a recent study, those who only ran phishing simulations (without accompanying security training) saw users clicking through to malicious sites at an average rate of 26.47%. However, those who coupled training with phishing simulations saw the click rate drop to 12.32%—less than half. Further, an ongoing approach to security awareness training is found to result in a 70% decrease in click rates on phishing simulation links.
Not only is a micro-learning approach to security awareness training great for employee awareness, but its implementation makes the organization far more secure and prepared for any cyberthreat it may face in the future.