26 and under: How do you engage them in cyber security training?

Over the past couple of years, organisations and employees have seen the forced migration of work from office spaces to remote locations. This has led to the development of new programs, services, and tools for employees to continue working efficiently and without issue outside of normal working conditions.  

Whilst innovative technologies have made it possible for remote and brick-and-mortar work to exist alongside each other, you may be finding it harder than usual to engage remote workers and digital natives with your cybersecurity training. 

How do you adapt your digital learning programmes to engage employees that already live highly digital lives? This is where the role of learning and development managers must evolve dramatically, and we are here today to discuss how.  

What do we know about digital natives? 

Digital natives – employees under the age of 26 who grew up with technology from an early age – are more likely to adjust to new remote working conditions due to their affinity for tech.  

However, new research conducted between March and May surveyed more than 500,000 employees at over 100 companies. The survey found that employees under the age of 26 can feel disconnected from organisational efforts and goals due to working remotely. Whilst older colleagues – juggling more personal responsibilities – are thankful for the flexibility and freedom afforded to them now. 

Digital natives are struggling with the physical limitations of working in small spaces, in social isolation, and without any visibility to leaders and teammates. As a result, they feel vulnerable, unsure of career progression opportunities, and where they stand in the organisation.  

Remote working has made it harder for digital natives to engage in work-related activities. So, how do we flip this and encourage engagement in security campaigns and training courses?

How to engage digital natives? 

While clear and smooth communication are key, it is not enough to totally engage digital natives. Organisations and security managers should consider focusing on collaborative interventions, such as effective communication campaigns and team exercises in a remote work environment to create a sense of unity and togetherness. The goal is to make digital natives feel a part of a greater whole, rather than a disconnected cog that the company does not waste time on.  

Some ways to engage digital natives include: 

• Virtual team exercises with senior leaders focused on the cybersecurity issues and threats most pertinent to your organisation. This will not only engage digital natives as a part of the organisation, but research also shows that digital natives learn better when presented training as a group effort. You not only let digital natives be seen and feel appreciated but also challenge them to develop in the presence of their managers and senior figures.  
• Many organisations will be bringing in digital natives as new employees. In this instance, it is recommended that you implement an extensive remote security induction. Digital natives believe themselves to be adequately versed in cyber issues and solutions and can therefore be unaware of holes in their behaviours. When you front them up with your security protocols from the offset, you avoid any notion of them practicing security behaviours outside of your recommended actions.  
• Digital natives also want the freedom to learn when and where they want. When assigning training in traditional circumstances, a manager may set aside time for their employees to all do compulsory training. This is not effective with digital natives. Digital natives want an online learning platform that they can access at any time to develop new skills and capabilities. Employing a learning management system also tells digital natives that their organisation is willing and actively invested in continued growth for their employees.  
• The power of scenario-based and simulated attacks on digital natives cannot be underestimated. Digital natives are critical thinkers and problem solvers. Rather than read about attacks and responses in text and examples, they want first-hand practice with potential attacks and how one would respond to them. When an organisation has a variety of generations in their workforce, they need to consider alternative methods of teaching for different age groups. 
• Tangentially to the point above, digital natives also appreciate gamification. Gamified learning and challenges simulate the same way these digital natives picked up skills as children. Many digital natives have been learning this way their whole lives, as gamification is now a legitimate way of teaching in educational circles. Your organisation must not scoff at the thought of gamified learning as it is a proven and effective way of engaging digital natives.  
• Data and line managers should also provide consistent support on a regular basis to build trust and create a comfortable environment for young employees to clarify expectations and ask for help. Digital natives must feel welcome to advance, develop and digest cyber training. This means communication, communication, communication! Managers must help digital natives stay connected to the organisation’s security culture. 

How to deliver training to digital natives? 

Now, it may be easy to corral all digital natives into one box, i.e., they all learn one specific way … however, this is not the case. Even amongst digital natives, we see difference in the way training and development should be delivered to them. Let’s break it down: 

Microlearning: some digital natives prefer a model that encourages a flexible and pro-active approach to eLearning. The outdated notion that employees need to be pushed to do learning does not apply to all workers. In fact, digital natives that are hounded to do training, elect to put them off as it starts to feel like a classroom again, rather than independent work. Lecture-style teaching does not work for a digitally native workforce. 

Embedded Training: Expanding on the idea of microlearning, one should consider delivering bite-sized learning as a part of an employee’s day-to-day activities. This is because when humans receive small bites of information between important tasks, they are 90% more likely to retain said information. Embedded training also rids the aura of a classroom/lecture, a detail that digital natives just do not engage with anymore.  

Focused Training: As an organisation it is within your right and mandate to conduct compliance-based training, and rightfully so. However, digital natives will become disillusioned if they see training as a one-size-fits-all measure from management. This tells digital natives that their organisation does not have a training or development plan for them individually and are therefore not deeply concerned with their progression. To appeal to these workers, use embedded micro-learning to actively show employees you are invested in their development.  

The 70/20/10 Model: The 70/20/10 model has been around for some time, but it applies extremely well to digital natives and remote learning. When 70% of learning is experiential, 20% is through social interaction and 10% is through structured learning, fundamental information can be taken on board. These independent ways of learning feed into each other and boost the overall impact of the learning. Individuals not only get hands on learning from colleagues, but they can also get feedback and support, whilst always being supported by the core tenets of the learning.  

In Conclusion 

As the world changes and new generations enter the workforce, we need to question and reassess our assumptions and protocols when it comes to engaging, training, and developing employees. 

Fresh data and insight have provided us with advice on how to accurately deal with digital natives in the workplace. A part of this decision may be conducting an awareness and behaviour research survey/assessment on your workforce to see the holes and deficiencies in your security practices.  

Nevertheless, one must remember to listen to employees and understand that they all learn differently. Personalised, focused, or targeted engagement is the only proven way to ensure that digital natives are being effectively developed.  

If you would like more information about how The Security Company can support you to minimise the risks your organisation is facing, please contact Jenny Mandley.