Trying to learn large amounts of information in one sitting is often overwhelming and leads to lower retention. Psychologist Hermann Ebbinghaus found in studying himself in the 1800s that only 20% of information learned is retained four weeks later. However, his retention increased from 80% to 90% when using microlearning. That means he took in small and bite-size pieces of information in a single sitting.

In today’s fast-paced business world, days taken away from regular work and given to training can put a project behind. Some companies mandate yearly training, making it something employees dread or simply tolerate. This often means that employees can easily overlook cybersecurity training or that trainers deliver it in ways that result in glazed eyes and information overload.

Microlearning can help employees learn in small doses and improve the odds that they remember and apply the lessons. This approach not only teaches employees, but creates a culture of learning, which means increased curiosity and often innovation. Instead of keeping a totally serious approach, look for ways to creatively catch employees’ attention.

You want employees to think of cybersecurity as part of their job, not something managed by the IT department. That messaging should also tie back to how cybersecurity relates to their job and life. Make cybersecurity interesting and relevant, such as by sharing new threats.

Here are five ways to use microlearning to help your employees learn important cybersecurity guidelines.

Videos for microlearning

While cybersecurity isn’t a laughing matter, humor is a great learning tool and gets people to pay attention. Most of the videos I watched while researching this story were boring. But I did find several great videos out there. I kept laughing out loud at Mimecast’s videos — yes, there is a character called Human Error, complete with a bathroom, as well as another called Sound Judgment — that drive home the points very creatively. And this channel contains many videos on a wide range of topics. Habitu8 also has some great videos, especially the social engineering video and the social media privacy one. You can also check out ECPI University’s list of 15 funny cybersecurity videos.

A short and to-the-point video works great as well. A one- or two-minute video on a very specific topic, such as how to spot a phishing email or what makes a strong password, can be very effective. You can either use some of the many videos online or create your own.

Text messages

Instead of writing another email listing dos and don’ts, make a list of 10 to 15 tips, such as five passwords not to use and reminders not to click on unknown links. Because of the format, you are forced to keep the message short, which can increase the odds of people reading and remembering it.

Next, create a text group for your employees or use software to automate the process, then set up scheduled microlearning through text. In the text, you want to cover why they should care and what to do. For example, “Got a message asking you to sign up for the bake sale this week? Check again. Click on the link and you may be getting a virus instead of a signup link for brownies. A new scam is going around — don’t be the next target.”

Turning learning into a game

Everyone loves games, especially if they come with prizes. You can have a quiz-style game about cybersecurity knowledge at your next company meeting. Or you could have people earn badges by watching all your videos. And to promote good habits, you can even have prizes for teams that go the longest without an issue.

Microlearning doses from experts

Your employees are used to hearing you or other IT leaders talk about cybersecurity. So, mix it up and bring in other voices. Aim for a two-to-five-minute talk from other experts in the field or in your company. You could record someone external to play at the meeting or video conference them in. Also, consider having non-technical employees talk about how they prevented an incident, such as not clicking on a link, or about what happened when they encountered a threat, such as a ransomware attempt.

Posters: Old but good

Yes, it’s a little — okay, a lot — cheesy. But posters in highly visible locations work. Make reminder signs about cybersecurity guidelines and hang them around the office. On each poster, explain why it matters and what the employees should do (or not do) in short and simple text. Be sure to add eye-catching graphics, and humor never hurts as well. Hang them in the break room, in the bathroom and on doors. Be sure to rotate the signs and change the messages. You can even turn these into gamification by offering prizes on the poster to encourage people to read them.

While the core principle of microlearning is a small amount of information and a short time commitment, the method also means repeating the same information in different formats. For example, you can distribute a funny video about how attackers can use information gained from personal social media accounts to sneak into the corporate network. Then the next week, you can send a text message on exactly how to set privacy settings for Facebook. You can then round out the microlearning a few weeks later, asking employees if they changed their privacy settings and offering a small prize to the first 10 people who send a screenshot of their updated privacy settings.

Microlearning contributes to a culture of cybersecurity

Because cybersecurity is an important and serious topic, it’s easy to assume that training must be formal as well. By taking a more personal and fun approach to cybersecurity, you can create messages that your employees will not only pay attention to but actually remember next time they get a suspicious email or change their password.

Organizations that are the most protected from threats are those that have a culture of cybersecurity — meaning that they often discuss ways of staying safe and every employee feels that they are responsible for cybersecurity. By using microlearning, you can not only help your employees learn important information, but also keep the message of cybersecurity awareness at the front of their minds on a weekly or daily basis. Most important, you can make cybersecurity interesting and relevant to their jobs and lives.

More from Security Services

How IBM secures the U.S. Open

2 min read - More than 15 million tennis fans around the world visited the US Open app and website this year, checking scores, poring over statistics and watching highlights from hundreds of matches over the two weeks of the tournament. To help develop this world-class digital experience, IBM Consulting worked closely with the USTA, developing powerful generative AI models that transform tennis data into insights and original content. Using IBM watsonx, a next-generation AI and data platform, the team built and managed the entire…

Machine learning operations can revolutionize cybersecurity

4 min read - Machine learning operations (MLOps) refers to the practices and tools employed to streamline the deployment, management and monitoring of machine learning models in production environments. While MLOps is commonly associated with data science and machine learning workflows, its integration with cybersecurity brings new capabilities to detect and respond to threats in real-time. It involves streamlining the deployment and management of machine learning models, enabling organizations to gain insight from vast amounts of data and improve their overall security posture. Defining…

Zero-day attacks are on the rise. Can patches keep up?

4 min read - That latest cyberattack threatening your organization is likely coming from outside the corporate network. According to Mandiant’s M-Trends 2023 report, 63% of breaches came from an outside entity — a considerable rise from 47% the year before. When it comes to how intruders are getting into the network, it depends on the organization’s location. Spearphishing is the top attack vector in Europe, while credential theft-based attacks are the number one type of attack in Asia, Kevin Mandia, Mandiant CEO, told…

The future of SIEM: Embracing predictive analytics

4 min read - Security information and event management (SIEM) is a crucial tool that offers real-time monitoring and analysis of security-related events as well as tracking and logging of security data for compliance or auditing purposes. SIEM plays an important role in identifying security incidents and helping IT and security teams respond effectively. However, as threats become more sophisticated, SIEM solutions must evolve to keep up. The future of SIEM lies in predictive analytics and machine learning, which can help organizations prevent attacks…