Security awareness

Why microlearning works: A security awareness perspective

Tyler Schultz
January 14, 2020 by
Tyler Schultz

In recent years, microlearning has transformed from a buzzword in educational science to a staple in skill-based learning and for good reason — it works. It’s understandable why short, targeted training sessions are effective for people learning a simple skill or paving their own personal development plan, but security awareness and training is a different animal. Employee security training includes compliance requirements, a wide range of topics and a diverse workforce battling distractions, busy schedules and that nagging question, “What does cybersecurity have to do with me?”

So what is microlearning and is it actually effective for security awareness and training? In this post, we’ll explore microlearning techniques, how you can use it to achieve your training goals and what it means for one of the most important stakeholders in your security awareness and training program: your employees.

Strengthen security awareness with human risk management

Strengthen security awareness with human risk management

Infosec HRM, powered by Right-Hand Cybersecurity, provides alert-based training nudges to minimize human risk at your organization. 

Jump ahead

What is microlearning?

Microlearning is an educational strategy using short, targeted training to teach learners a single skill or behavior. Microlearning is the antithesis of traditional, long-form educational techniques covering a wide spectrum of skills or knowledge over the course of 30 minutes, an hour or longer.

Microlearning education includes computer-based training modules, exercises or tools (such as tip sheets or posters) that take less than five minutes to complete and leave the learner with one key takeaway to apply or reference in the future. Although microlearning consists of bite-sized training, it can be used to cover complex skills or a wide range of topics by spreading multiple microlearning lessons over the course of several weeks or months.

phishing microlearning education

By definition, microlearning is brief, but just because a training exercise is short doesn’t mean it's effective. Microlearning must be concise, relevant and engaging to capture the learner’s attention and deliver knowledge that is digestible, memorable and actionable.

Why microlearning works — a scientific perspective

Microlearning stems from a unique approach to education. Instead of asking, “What do my employees need to learn?”, start with the question, “How do my employees learn most effectively?”

Research shows learning in brief increments matches the attention spans of people and drives greater information retention than long-form training. It’s no real surprise, either.

If you take an hour-long French culinary class in January, will you remember the difference between beignets and bouchées by March? How much will you remember by December?

Microlearning not only meets your employees at their capacities for attention and knowledge acquisition, it also leverages a core learning principle: repetition. By completing multiple, brief training exercises over time, learners are given the chance to internalize individual lessons and grow their knowledge.

The benefits of microlearning go beyond knowledge retention. One study even found employees who completed microlearning rather than long-form education reported higher confidence in their knowledge and skills.

Why microlearning works — a security awareness perspective

The science behind microlearning is interesting and useful in many educational settings. However, as any security awareness manager or corporate trainer knows, employee training is vastly different from voluntary education or career-advancing skill development. Security awareness and training requires employees to take time out of their busy schedules to complete training, often with little to no incentive beyond helping keep their organization secure.

And for security professionals, the importance of security awareness and training goes far beyond training completion. You need your employees to truly understand the cybersecurity threats they face, acquire the skills to detect them and change their behaviors to avoid and report attacks.

Since you rely on each employee to help keep your organization secure, shouldn’t their convenience and learning preferences matter more than the ease of long-form training that covers every topic at once?

Microlearning allows your employees to quickly complete training without disrupting their schedule. While this is certainly more convenient for employees, it also comes with the added benefit of keeping cybersecurity top-of-mind and encouraging dialogue about security best-practices all year.

When you think about your employees as the consumers of your training, rather than targets for education, you build a win-win situation. Your employees have a better experience with training, learn more and put your organization in a better position to remain cyber secure.

How to implement microlearning in your security awareness program

There are two primary methods to implement security awareness microlearning in your training program.

Microlearning security awareness program

Many security awareness practitioners are turning to microlearning as their exclusive training technique. This means building an entire, year-round training program consisting entirely of microlearning modules and supplemental training resources. For example, you could deliver one three-minute training module each month over the course of the year to cover every core cybersecurity topic recommended by NIST. You can then reinforce lessons with posters, infographics and simulated phishing training year-round. This allows you to reap the rewards of security awareness microlearning without sacrificing the depth of education.

 
 

In-the-moment microlearning

Microlearning is also extremely effective for in-the-moment training. This type of training is delivered the moment an employee clicks a simulated phishing email or takes a risky action that is blocked by your endpoint protection software. In-the-moment training delivers education in the most teachable moment, targeted to the specific action the employee took to help them avoid the same mistake in the future. Because in-the-moment training is delivered in real-time during an employee’s day-to-day work, microlearning is both more effective and also less disruptive.

 
Get six free posters

Get six free posters

Reinforce cybersecurity best practices with six eye-catching posters found in our free poster kit from our award-winning series, Work Bytes.

Get started with security awareness microlearning

Microlearning training modules and tools come in all shapes and sizes. Want to preview industry-leading microlearning content or test training on your employees? Start a free Infosec IQ account today to see for yourself.

Get Started
Tyler Schultz
Tyler Schultz

Tyler Schultz is a marketing professional with over seven years of experience delivering SaaS solutions to organizations of all sizes. As a product marketing manager at Infosec, he is dedicated to helping organizations build strong cybersecurity cultures and meet their security awareness goals. He helps the Infosec team push the boundaries of effective and engaging security awareness training with a focus on experiential learning, gamification, microlearning and in-the-moment training. Tyler is a UW-Madison and UW-Whitewater graduate and Certified Security Awareness Practitioner (CSAP).