How we built a cybersecurity learning culture
Cybersecurity is a critical focus for the team at ReadyTech.
As a technology provider to thousands of customers across multiple industry verticals, we need to ensure we’re always meeting leading global information security management standards (we are ISO 27001 certified) with a cybersecurity culture that makes every employee a strong link in the chain.
That means engaging our people in a strong learning culture around cybersecurity.
That’s the question a lot of learning and development professionals are asking themselves regularly. We know we need staff to learn and skill up, but how do we engage them effectively? What will ensure they undertake learning and bring that learning into their everyday behaviours at work?
A case study in cybersecurity learning
ReadyTech has seen strong success with our cybersecurity training program. Managed by Chief Information Security Officer Sam Giffney and his team (with the support of our management team including HR), we’ve managed to make cybersecurity a whole-of-organisation learning effort.
This has come in the form of digital learning through Ninjio. Made up of short, focused video lessons around a particular cybersecurity risk, threat or behaviour, they are delivered right across our employee footprint and are consumed wherever and whenever employees choose once a month.
Ninjio sits alongside our broader cybersecurity awareness efforts. These include policies like our ICT Acceptable Use Policy and regular training courses in Information Security Awareness, as well as real time communications via events and collaboration mediums like Slack on cybersecurity issues.
We’ve seen this succeed alongside some other learning initiatives that have been less successful. So what have we learned from this cybersecurity training success? Here are a few things that stand out about how we’ve managed digital cybersecurity learning engagement with Ninjio.
We’ve made clear cybersecurity training is a priority for our organisation. This comes visibly right from the top down. Through regular communications on the ‘why’ of cybersecurity and the active engagement from management, our team are alert and made aware of new training in this area.
Ninjio training is digital – all the more important in these remote working times. Employees can complete the training from home or wherever they are on any device. They are notified through all available channels and frictionless access is made easy with a simple click through to the training.
The training is easily consumable. With a ‘micro’ 5-minute video format, it focuses in on an important cybersecurity lesson for staff while doing it in way that can be easily blended into a work day; just before lunch, in between meetings (or even just before the course deadline!).
Ninjio training is engaging. An animated video format with real-world ‘guest’ stars in each episode, it features a gripping tone and pace to communicate the gravity of the risks being discussed. This helps staff want to watch these videos. It includes a quick assessment to test knowledge at the end.
We love our CISO Sam because of his tendency to gamify cybersecurity learning. This has been done with success with Ninjio specifically, where results across businesses in our group are regularly shared in leader board form, to encourage teams to outperform their peers across ReadyTech.
Employees know they will get a new, relevant cybersecurity video every month. This regular cadence has become a rhythm staff anticipate and work into their cycle. Rather than open-ended learning programs or irregular distribution, this predictability means people always know what to expect.
We promote each new episode of Ninjio training on relevant channels, including email, and company Slack channels. Managers are engaged to encourage teams to complete the training. We celebrate training wins and advocate engagement at regular virtual wraps and Town Halls.
Learning from a learning culture
There’s a lot more to building an organisational learning culture than a digital learning program in an area like cybersecurity. For example, organisations can benefit from a workforce skills management platform like JR Plus to engage employees in learning pathways through their organisation.
But it’s always useful to see how one niche program has managed to succeed. With a combination of purpose, management team buy-in, and professional and engaging program delivery for a digital age, organisations are likely to be able to boost the success they are having in any learning area.
Find out more about workforce training and skills management platform JR Plus.