Ten words: knowledge retention, behavior change, real-time, attention spans, rich media.

As a security leader in your company – whether you sit in the C-Suite or are responsible for a team focused on security awareness training – chances are you see how rapidly the cyber landscape is changing and how quickly cyber threats are evolving. There’s social engineering. Phishing. Vishing. Whaling. Breaches. Malware. Identity theft. Access control.

While you know how important it is – and how devastating it could be to your company if there was a security breach – you find it increasingly difficult to find the time to set aside hours at a time, or even days, to train employees on new ways to fight these threats. It can be hard to move forward, keep up with changing regulations, deal with increases in business fraud and crime tied to cyber threats, and retain top talent on your own team.

So how can you more easily integrate cyber security awareness training into your routine, and provide the same level of education to your team?

Use microlearning in security awareness training.

What is microlearning?

microlearning screenshotWhile microlearning is not a new concept, it may seem like the next big thing given the emphasis put on it lately and the academic and business centric articles coming out highlighting the power of the quick, module-style learning being applied throughout companies.

The reality is micro-learning isn’t new. In fact, it was as early as 2010 that companies began translating their thick, printed training manuals to the digital space. The hope was that it would streamline learning, and while it did for a time, the problem that soon emerged was the realization that the courses still remained too long. The approach then was to take any and everything the student was learning in a real-life class and find a way to teach it online. The transfer of that content from a printed manual happened almost word for word from paper to screen and there was a lot of reading. A lot.

The style of instruction remained very traditional, featuring introductions, objectives, lots of reading, quizzes and exercises. Sometimes the courses would take one hour. Sometimes two. Maybe more. While the information and education remained important, the sheer length of the training meant it pulled employees away from their jobs for longer periods of time, at a significant drain on resources.

Work was soon done to start streamlining these long courses into something more approachable. First came the 30-minute classes. Then the 15-minute courses. Today, it’s evolved into microlearning modules that are as short as two minutes.

Why? The quicker and faster employees can get in, work on a lesson and then apply what they learn in real life, the more likely they are to retain the information. By definition, microlearning is a course that takes a user no longer than three to five minutes to complete, covers one topic and allows the student to solve one problem quickly. Because of that quick turn timeline, in the end, the main benefit – the most important outcome – for company and employer are users who learn an important bit of information and take it back immediately to their work.

Here are 5 additional benefits to integrate microlearning in security awareness training programs.

1. Microlearning enhances knowledge retention and behavior change among users.

Theo Zafirakos, Chief Information Security Officer and CISO Coach at Terranova Security, called 2019 the year company leaders should prepare for more sophisticated phishing attacks and social engineering schemes. In fact, it’s the number one topic of security awareness training in most organizations as “the bait becomes harder to detect as fraud.” As a result, employees need to be trained to continuously operate in a mindset of security. Microlearning allows that continuous training to happen without it feeling overwhelming, and without creating a culture of paranoia.

Microlearning modules are built to cover topics in bite-size, chunks, giving team members just what they need to know about a specific subject – no more, no less. Modules can be used as just-in-time training events after an employee has clicked on a phishing email or URL, or as refresher cyber security awareness training.



Companies are beginning to look at microlearning more and more as an opportunity to possibly learn from a security related event and teach employees “some tips as well as how they can be more aware and avoid this next time.”

2. Microlearning modules can be highly personalized, focusing on topics that can be adapted quickly to real-time events and are flexible to edits.

In the cyber security space, and in the technology industry as a whole, it’s not unusual to go to bed one night and wake up the next morning to learn a new security threat has emerged.

Things change quite frequently.

As a result, companies need to stay in front of that change to protect themselves.

With microlearning, courses already developed are smaller to start with, making them a lot easier to change and personalize based on the users and current events.

“In many cases, changes to microlearning modules, to address a new security threat, can be made in under a day.”

In other cases, when completely new cyber threats emerge, creating a requirement for a new security training course, microlearning can fill that need  faster than a lengthy curriculum.

Once users get started on a microlearning module, the module itself will adapt to their level of knowledge thanks to the scenario based branching design. That is, the interactive modules pose questions to the users requiring them to make a decision and depending on their choice, the scenario will branch off to different outcomes based on their response. “If” a user selects one answer, “then” it takes them down a certain path.

3. Two words – RICH MEDIA.

Digital marketers have known this for years. If you want to get people to act – to click through an online ad or get the attention of a customer – use rich media. That is, video, graphics and photos. Words alone don’t always drive people to action.

The same can be said for learning.

If you’re reading this, chances are you’ve used YouTube to teach yourself how to do something, whip up the latest recipe from your favorite chef or how to fix a broken appliance.

Microlearning, like marketing and YouTube, works because it engages users with rich media. It’s the way users want to learn on and off line, at work and at home. Microlearning reduces learning friction.

4. Microlearning works at the speed of life… and attention spans. 

Years ago, USA Today became a leader in the newspaper design space because the team started keeping all of its stories short. To the point. And in the printed version, contained on one page.

You know what they knew way back then? People have short attention spans.

Enter today’s world of social media, where everyone is exposed to information in minimal character limits and 30-second video clips, and you have a society and culture accustomed to getting everything they need in short, bite-size segments.

Because that type of technology and reading is prevalent in our everyday lives, we have trained ourselves to absorb information quickly.

The same is true for the learning environment.

“We all prefer our learning to be short, meaningful and focused.”

When security awareness training microlearning modules clock in at two to three minutes, or even just a tad more, users are more likely to absorb and retain the lessons.

5. Business is a global, multi-cultural enterprise. With microlearning, security awareness training programs can be, too.

With companies and organizations expanding their footprint all over the world, no longer tethered to customers just by the location of their brick and mortar operations, the need for communicating in multiple languages has become increasingly important.

“Organizations are more global. Their employees are global. Their customers are global. The threats are global.”

With microlearning modules that incorporate creative rich media – like animated illustrations and graphics – companies can more easily translate the lessons to speak to multi-cultural audiences.

Microlearning modules are expressly designed to increase knowledge retention and behavior change among users. Each module makes just-in-time training possible, helping target specific risks and meet productivity objectives. Flexible and engaging, microlearning adapts to the audience and strengthens user motivation and participation.


Learn more about setting up a security awareness program and team in this eBook:

Managing Cyber Security program

Download The Human Fix to Human Risk eBook

Download “The Human Fix to Human Risk,” to learn about Terranova’s simple five-step framework for implementing a comprehensive security awareness campaign that effectively changes employee behavior.


Gloria Cormier
Product Director

Responsible for managing the development of the security awareness training firm’s main course library, and ensuring each course is built, translated and available for users in meaningful ways.

Connect on LinkedIn