Security Protection Protection Privacy Seminar Conference Learni

Four Reasons your Compliance Training is Missing the Mark

Compliance training is rarely a team favorite. In fact, many employees might look upon it as a burden, something to sit through out of obligation. This is likely due to dull, off-the-shelf online learning solutions or poorly designed learning programs that fail to consider easy-to-avoid common practices. While the least-effective cybersecurity training programs can have a 7-fold return on investment (ROI), according to research by Ponemon1 it is possible to have a 37-fold ROI with well-designed, intentional programs. Instead of chasing colleagues to complete uninspired training, consider these four ROI-boosting options.

First, is the content relevant to your staff? It is easy to buy off-the-shelf cybersecurity training, but that means it is one-size-fits all, and we know not all companies are alike. Imagine you are a non-profit company but all the stories you experience in a generic training are sales-related. If the training highlights key security points about revealing corporate income statements and customer purchase details, it is easy to tune out and feel frustrated. Instead, highlighting stories about the community they support as well as donor relations would be more applicable to the non-profit audience. Learners will be drawn into the content because they can see how it relates to their work.

Second, too many online training courses are “click and drool” solutions. Have you ever taken training that had you read the text, click next, listen to a statement, click next, answer a question, click next, and keep going until you were grateful you reached the end? And often, you’re asked to complete the same elearning program again the next year, without updated content. Long, uninteresting compliance training keeps learners awake just enough to keep clicking next in hopes of reaching the end sooner, rather than later. Learning should be interesting and engaging. Similar to relevance, the drive to click “next” isn’t the same for everyone. Knowing the audience can enable an instructional designer to create learning solutions that draw a learner’s attention, are thought-provoking, and interest participants.

Admittedly, compliance topics can be hard to continuously keep interesting. This is especially difficult when the classic “click and drool” solution is combined with the third common practice: having the training be a one-time course that crams a lot of content into a single session. When you were in school and stayed up all night cramming for an exam, you might have been able to answer the questions on an immediate test, but it did little for long-term retention. Requiring staff to complete a yearly training program does not ensure the information will be retained. Instead, Behavioral and Brain Science research shows that space repetition can “be a cost-effective approach—learning becomes more durable in the same amount of time (relative to massed practice), and this can lead to future savings because less time needs to be spent on relearning content that has been forgotten, leaving more time for other productive learning activities.” 2 Learning should be spread out over time to continuously engage learners with the content rather than a quick “connect and forget” training approach.

Lastly, providing incentives can increase participation and interest in learning. An incentive can be as easy as clearly explaining the “what’s in it for me (WIIFM)” perspective to someone. A real-world example that clarifies the impact of one’s personal information getting shared with strangers can be eye-opening. You don’t want to be that person who clicked an attachment that spread malware throughout the company! Alternatively, incentives can be introduced through fun games or rewards for participation or specific actions, such as simple “badges” or stickers. Developing and maintaining team personas can keep incentives relevant for each audience.

For the sake of minimum compliance click-through, it is easy to turn to an inexpensive off-the-shelf solution. Yet, doing so may continue to demotivate learning interest and lower information retention. Additionally, beyond the check box, it is important to keep your company safe from ransomware, financial penalties, theft, and reputational damage. Instead, create relatable training, make it interesting, provide small chunks throughout the learning cycles, help learners know why content is valuable, and/or provide incentives if additional motivation is needed. Learners will remember more and follow the compliance guidelines with fewer heavy sighs.

1 CSO Online, Does Security Awareness Training Even Work?
2 Spaced Repetition Promotes Efficient and Effective Learning: Policy Implications for Instruction, Sean H. K. Kang

Jeanette Rogers is the Director of Instructional Design and Learning at Kalles Group. She is passionate about creating training that is innovative, making education interesting and engaging for all types of learners. Her priority is increasing the number of learners who want to come back for more educational opportunities by providing learning that is effective and motivating.