Cyber-Security: Learning’s Breaking News Imperative
Your employees will need highly targeted and continuous learning and performance resources focused on Cyber-Security in the next 24 months.
This will be a significant and disruptive shift in the drivers and sponsorship of workplace learning. Currently, most learning is triggered by compliance/regulatory needs, development of leadership candidates, new skills for new employees, and systems changes.
But, the deep and dangerous world of cyber threats will require learning and development departments to adjust and expand their focus, content, resources, and expertise – to be the front line of readiness to keep the employees and the enterprise safe and secure.
We can’t teach “be safe” skills in an environment where the sources of threats change constantly and instantly. Here are a few operating examples:
• Every week, employees will receive very well-structured scam emails posing as alerts from banks or shipping organizations. They will look, feel, and appear 100% legitimate. How do we prepare or alert our workforce for these threats?
• Mobile devices will be used more and more with our enterprise systems, opening up new cyber risks and threats. Do we allow our workers to attend a webinar from a laptop at an airport?
• A customer is reluctant to give their personal information to the sales agent from your organization because they have had 3 instances where complete data bases were hacked, exposing their social security number, credit card info, and more.
• How can a manager of a group or an individual worker receive information about the level of cyber security risk or readiness on a weekly basis? Is there a display in the office or information delivered via text message that provides real-time scanning on risky behaviors?
• How can we build a great level of safety and security within the digital side of our businesses and create a sense of safety and comfort for our employees?
• What are the new skills, certifications, and assessments needed for IT, Risk Management, and now Learning Professionals in Cyber-Security Readiness?
This is a topic without a single or easy-to-identify subject matter expert. Cyber threats are changing so rapidly that we will need to source multiple resources, including Tech Companies (e.g. Google, Microsoft, Apple, and Cisco), government security agencies (e.g. NSA, CIA, and FBI), human resource and talent groups, as well as consulting assets.
Adding to this complexity is the need to develop a global approach to Cyber-Security. Recent changes in the Data Rules for the EEC highlight the global aspect of this learning and support requirement:
• Data Security Requirements change based on the location of the data, the country of the employee, and the nature of the cross-country transaction.
Language Issues: Cyber threats are harder to sometimes detect or rule out when the language of an email or system is not the native language of the learner. I recently got an email from the French embassy in Spain and could not easily see if it was legitimate. Our Cyber-Security threat information and learning resources will need to be provided in a wide range of languages.
BlockChain Technology: Increasingly our data will be on multiple servers, often in a blockchain layout, which should have higher degrees of security. But this is an emerging and threat-filled model as well.
Personal and Enterprise Data Sources Overlap: An employee may be listed on LinkedIn, indicating that they work for your organization. If a nasty person or group wants to penetrate your enterprise security, they could find this employee on LinkedIn, start a social conversation over time, and subtly gain trust and perhaps access to corporate information.
Learning Professionals will need to harness a new set of partners and design approaches for this urgent topic. Let’s leverage User Experience to test design models that work best to teach or support learners in their “moments of need”. We must increase our IT and Cyber language comfort and coach our colleagues in the tech departments on better forms of embedded learning and support resources.
And, we must watch the overall level of employee awareness and the level of trust in the digital side of our enterprise. The MASIE Learning CONSORTIUM will be bringing together CLOs and experts in tech and business to work together on the learning challenges of Cyber-Security. Stay tuned!