Within the next 24 months, your employees will need highly targeted and continuous learning and performance resources focused on cybersecurity.
This will be a significant and disruptive shift in the drivers and sponsorships of workplace learning. Currently, most learning is triggered by compliance or regulatory needs, development of leadership candidates, new skills for employees and systems changes. But the dangerous world of cyberthreats will require learning and development departments to adjust and expand their focus, content, resources and expertise — to be on the front line of readiness to keep employees and the enterprise safe and secure.
However, we can’t teach “be safe” skills in an environment where the sources of threats change constantly and instantly. Consider the following.
Every week, employees receive very structured scam emails posing as alerts from banks or shipping organizations. They look and appear legitimate. How do we prepare or alert our workforce for these threats?
Mobile devices will be used more and more with our enterprise systems, opening up new risks and threats. Do we allow our workers to attend a webinar from a laptop at an airport?
A customer may be reluctant to give personal information to the sales agent from your organization because they have experienced three instances where databases were hacked, exposing social security numbers, credit card info and more. How do we address this?
How can information be received weekly about the level of cybersecurity risk or readiness? Is there a display in the office or can information be delivered via text message that provides real-time scanning on risky behaviors?
How can we build a great level of safety and security within the digital side of our businesses and create a sense of safety and comfort for our employees? What are the new skills, certifications and assessments needed for IT, risk management and now learning professionals in cybersecurity readiness?
This is a topic without a single or easy-to-identify subject matter expert. Cyberthreats are changing so rapidly that we will need to source multiple resources, including tech companies (Google, Microsoft, Apple, Cisco), government security agencies (NSA, CIA, FBI) and human resource and talent groups, as well as consulting assets.
Adding to this complexity is the need to develop a global approach to cybersecurity. Recent changes in the data protection rules for the European Commission highlight the global aspect of this learning and support requirement: Data security requirements change based on the location of the data, the country of the employee and the nature of the cross-country transaction.
Cyberthreats are harder to sometimes detect or rule out when the language of an email or system is not the native language of the learner. I recently got an email from the French embassy in Spain and could not easily see if it was legitimate. Our cybersecurity threat information and learning resources will need to be provided in a wide range of languages.
Blockchain technology is another thing to consider. Increasingly our data will be on multiple servers, often in a blockchain layout, which should have higher degrees of security. But this is an emerging and threat-filled model.
We must also be mindful of overlap in personal and enterprise data sources. An employee may be listed on LinkedIn indicating that they work for your organization. A person or group wanting to penetrate your security could find this employee on LinkedIn, start a social conversation, and, over time, subtly gain trust and perhaps access to corporate information.
Learning professionals will need to harness a new set of partners and design approaches for this urgent topic. Let’s leverage user experience to test design models that work best to teach or support learners in their “moments of need.” We must increase our IT and cyber language familiarity and coach our colleagues in tech departments on better forms of embedded learning and support resources.
Finally, we must watch the overall level of employee awareness and the level of trust in the digital side of our enterprises.