Ten words: knowledge retention, behavior change, real-time, attention spans, rich media.

As a security leader in your company, chances are you see how rapidly the cyber landscape is changing and how quickly cyber threats are evolving.

Phishing, data breaches, malware, ransomware, and more threats are getting more sophisticated with every new technology. These risks are expected to double by 2025 and cost businesses an estimated $10.5 trillion annually (a 15% growth annually).

You can stop these threats at the door (or your email inbox). Your first line of defense? Your employees.

But, for that to happen, you need security awareness training tailored to their needs, and that integrates well with their schedule.

It’s getting increasingly difficult to find the time to set aside hours at a time to train employees to detect these threats. Keeping up with changing regulations and crime tied to cyber threats can be challenging.

Enter microlearning in security awareness training.

What is microlearning?

Microlearning is a course that takes a user no longer than three to five minutes to complete, covers one topic, and allows the student to solve one problem quickly.

Because of its quick turnaround timeline, users learn essential information and can take it back immediately to their work.

While microlearning is not a new concept, it may seem like the next big thing, given the emphasis on it lately and the academic and business-centric articles highlighting the power of quick, module-style learning.

It was around 2010 that companies began translating their thick, printed training manuals to the digital space. The hope was that it would streamline learning, and while it did for a time, the problem that soon emerged was the realization that the courses still needed to be shorter.

While the information and education remained important, the sheer length of the training meant it pulled employees away from their jobs for longer periods, significantly draining resources.

Work was soon done to streamline these long courses into something more approachable. First came the 30-minute classes. Then, the 15-minute lessons. Today, it’s evolved into microlearning modules that are as short as two minutes.

The quicker and faster employees can get in, work on a lesson, and then apply what they learn in real life, the more likely they will retain the information.

What are the benefits of microlearning in security awareness training?

According to Theo Zafirakos, Chief Information Security Officer at Terranova Security, company leaders should prepare for more sophisticated phishing attacks and social engineering schemes. It’s the number one topic of security awareness training in most organizations, as “the bait becomes harder to detect as fraud.”

As a result, employees need to be trained to continuously operate in a security mindset. Microlearning allows continuous training without overwhelming users and creating a culture of paranoia.

Let’s look at some advantages microlearning brings to security awareness training.

1. Enhances knowledge retention and behavior change

Microlearning modules are built to cover topics in bite-sized chunks, giving team members just what they need to know about a specific subject—no more, no less.

Modules can be used as just-in-time training events after an employee has clicked on a phishing email or URL or as refresher cyber security awareness training.

Companies are looking at microlearning more and more as an opportunity to learn from a security-related event and teach employees “some tips as well as how they can be more aware and avoid this next time.”

2. Highly personalized, easy to adapt, and flexible

In the cyber security space and the technology industry, it’s not unusual to go to bed one night and wake up the following day to learn a new security threat has emerged.

With microlearning, courses are already smaller, making them much easier to change and personalize based on the users and current events.

In many cases, changes to microlearning modules to address a new security threat can be made in under a day. In other cases, when completely new cyber threats emerge, creating a new security training course requirement, microlearning can fill that need faster than a lengthy curriculum.

Once users get started on a microlearning module, it will adapt to their knowledge level—thanks to the scenario-based branching design.

That is, the interactive modules pose questions to the users, requiring them to make a decision, and depending on their choice, the scenario will branch off to different outcomes based on their response.

3. Rich. Media.

Have you ever used YouTube to teach yourself how to format an Excel sheet? Or whip up the latest recipe from your favorite chef? Or fix a broken appliance?

Microlearning, like YouTube, works because it engages users with rich media—videos, graphics, and photos. Words alone don’t always drive people to action.

4. Easy to consume and absorb

Years ago, USA Today became a leader in the newspaper design space because the team started keeping all of its stories short—to the point—and, in the printed version, contained one page.

Do you know what they knew way back then? People have short attention spans.

Enter today’s world of social media, where everyone is consuming content in as short as 15-second video clips, and you have a society and culture accustomed to getting everything they need in short, bite-size segments.

Because that type of technology and reading is prevalent daily, we have trained ourselves to absorb information quickly.

When security awareness training microlearning modules clock in at two to three minutes, or even just a tad more, users are more likely to absorb and retain the lessons.

5. Makes security awareness training a global, multi-cultural enterprise

With companies and organizations expanding their footprint worldwide, no longer tethered to customers just by the location of their brick-and-mortar operations, communicating in multiple languages has become increasingly important.

With microlearning modules that incorporate creative, rich media—like animated illustrations and graphics—companies can more easily translate the lessons to speak to multicultural audiences.

Each module makes just-in-time training possible, helping target specific risks and meet productivity objectives. Flexible and engaging, microlearning adapts to the audience and strengthens user motivation and participation.

Micro and Nano Modules in Cyber Security Training

To ensure high engagement and knowledge retention, your cyber security training should incorporate both micro and nano learning modules. Micro videos are less than 5 minutes long, while nano videos don’t last more than 2 minutes.

Micro Modules

Micro modules are lessons that incorporate short videos in a single series. The videos should be less than 5 minutes long and cover a single topic in one module.

Nano Modules

Nano modules are effective at engaging even the busiest employees. These videos are less than 2 minutes long and usually contain valuable and focused information.

Integrating Microlearning Into Your Security Awareness Program

Microlearning can make your security awareness initiatives more effective by relaying your information to employees in a bite-sized manner. Just like how social media videos can keep users entertained, security awareness training delivered with a micro-learning approach keeps employees engaged.

Interested in getting started with a micro security awareness training program? Request a microlearning demo from our experts. Learn more about security awareness training here.



Learn more about setting up a security awareness program and team in this guide:

Download The Definitive Guide to Security Awareness Training and unlock the key to transforming employee behavior with four proven pillars of successful security training.