How Cybersecurity Training Can Better Reach Employees

Companies have quickly adapted to new circumstances but have unknowingly increased their risk of successful data breaches and cyberattacks.

How Cybersecurity Training Needs to Change in Order to Better Reach Employees

Living through the COVID-19 pandemic might remind us of a line from The Wizard of Oz, when Dorothy says, “Toto, I have a feeling we’re not in Kansas anymore.” Although Dorothy wanted to return home, she was a different person because of her journey. Just like her, we will never quite get back to life as we knew it before the pandemic—we have been forever changed by it. The way we work and live is always going to be different, as illustrated by an incredible 42 percent of the US labor force working from home full-time as of 2020 (Stanford News). The need for an increased understanding and use of skills in cybersecurity has never been more critical. Companies of all sizes have quickly adapted to circumstances but have unknowingly increased their risk of successful breaches. Training employees in cybersecurity needs to be a key mission and focus—because, like Dorothy, we’re not in Kansas anymore.

Twenty years ago, an employee would go to work, use an in-office computer and phone, and then leave the local network. That computer and office could be protected from both physical and virtual attacks. Today that office is on multiple devices, in multiple locations, with numerous access points to information and the internet. In fact, as of 2021, an astounding 94 percent of the internet workload is being processed in the cloud.

With so much information being held online, companies have become more vulnerable to breaches and attacks than ever before. The FBI has seen a 400 percent increase in attacks since the start of the pandemic. We see this substantial influx due to the increase in opportunity for cybercriminals. There is no company or organization that is immune to cyber risk. With the changes in circumstances, risks, and opportunities—plus what we know about how people learn—we must start training all employees in ways that are effective, even if they’re ways we have never used before.

The current training methods are all centered around an outdated work model. They use Learning Management Systems that were never designed or adjusted to accommodate a decentralized mobile workforce. Today, training needs to meet the needs of the modern employee. Effective training needs to have five key elements to be more efficient in today’s complex environment.

5 Key Elements of Effective Training

  1. Mobile. Staff members need to access their work from anywhere—why is training any different? Making training accessible and designed for phones, tablets, and all mobile devices is a must.
  2. Frequent. Many companies have a ‘quota’ mentality when it comes to training. Was it done this year? Did the person sit through the training they were assigned a month ago? Yes or no. Training needs to be consistent and frequent to increase retention. In fact, science has shown that only 20 percent of information is retained after 30 days without reinforcement.
  3. Current. Content needs to be presented frequently with the ability to update and adapt. Attacks on companies are deployed frequently and change rapidly. Training needs to adapt to current trends and present content specific to individual industries.
  4. Customizable. Not only do people learn differently and have different schedules with competing deadlines, but different groups within an organization often need to learn different things.
  5. Gamified. We now have a younger, more technologically literate workforce that has driven the explosion of gamification. Games used to be seen as an activity for relaxation during free time. Now, with a highly fragmented, time-sensitive society, games and training are blending to encourage engagement, retention, and skill development.

Since the start of the pandemic, the healthcare industry has been hit extremely hard. These organizations were required to rapidly shift, adapt to new procedures, and create new business processes in order to save lives. These changes also created huge cybersecurity risk exposures. In 2020, the number of healthcare cyberattacks doubled, with ransomware attacks accounting for 28 percent of all documented attacks. But out of necessity comes innovation and new technologies. Cutting-edge developments in cyber education that began in the healthcare sector are now being adopted and implemented across other industries.

Our journey through the pandemic has been challenging and life-altering. Technology has been permanently affected by our adapting to new circumstances. Training is seeing new innovations, specifically in cybersecurity—changes that are both desperately needed and innovative. Dorothy and Toto did find the yellow brick road that was crucial to returning them to Kansas. Many companies are still looking for that magical path back to how things were—but we don’t get there by doing things the way they’ve always been done. The way to safety will include doing things differently—and that means improving training to be mobile, frequent, current, customizable, and gamified—no matter where you’re starting.

Heather Stratford
Heather Stratford is the Founder of Drip7 and a thought leader in the IT Training and Cybersecurity field. Heather keynotes at conferences, universities, and for enterprise clients. She writes on cybersecurity and has been featured by and written for such global organizations as the 2018 G7 Summit held in Canada. Heather regularly speaks about Cybersecurity, Women in Technology, Women and Diversity in Cybersecurity, creating a Cybersecurity Culture, Entrepreneurship, Privacy, and the shifting regulations and how to manage cybersecurity risks.