Re-published courtesy Wesley Freeman, Junglemap UK
In this article, I'd like to look at how we're currently issuing training to end users. More specifically - I'd like to look at some of the common problems I regularly hear CISO's/CDIO's/CIO's talk about when it comes to training end users. Whether the topic of training is threat awareness or new company policies - there are still many flaws between the content that gets created in order to teach and that content reaching the end user.
So, you've created your content - you've asked your end users to look at the lessons and complete the training. Quite often, the average LMS will offer very little in the way of reporting. Sure, you might be able to see how many people have clicked on the content to 'start' the learning process - essentially, if 10 people out 10 people have whizzed through your content and lessons, you'll be able to see that, but generally speaking - not much more. How do we know how long each of those individuals spent on each lesson? How do we know that they simply haven't clicked on the content and sped through it, not taking a whole lot in? With good reporting tool feature on an LMS, you should be able to pick out any individual and know precisely what they have started, what they have completed and how long they're spending on the stuff you're asking them to look at. Unfortunately - spend 5 minutes talking to someone who's in charge of training within a large company and you'll see that many still yearn for this.
Confusion while navigating the LMS
Learning should be quick, easy and simple. There are a ton of LMS out there that fail to achieve this. Your end goal is allow the end user soak in the content you've provided and LEARN - not to let end users with little cyber experience get confused and end up frustrated at what they're doing. Simplicity is key here.
Knowing your requirements
How quickly could you create a bespoke source of information for your end users? Let's say for example an end user on your network clicks a bad link that results in a phishing attack. Are you able to quickly create/modify content within your current LMS to distribute to the other end users warning them or highlighting best practice routines around general IT security? Of the LMS's that allow this - is it cost effective? A good e-learning tool should be able to achieve this without frustration, emptying your wallet or a massive time delay.
Access to your chosen form of learning for your end users should be quick and simple. How accessible is it? Does the user need to be on the local intranet? Do they need to 'log in' to a portal? E-learning should be as quick and simple as opening and reading a simple e-mail. This should also alleviate the problem of not being able to access the lesson or content because the user is not running a specific OS.
These are but a very small helping of problems I regularly hear people voice their concerns over. We need to start looking at a way that can address all these problems while still maintaining the most important feature of all - keeping the end user interested, therefore more keen to look at the content and more like to remember it.
I'd really like to find out what are the most common problems people face when dealing with training on a large scale. Are these issues relevant to you?
I'd be happy to discuss and learn what current LMS's are lacking. I will be writing further articles on how we can address these issues throughout the week. If you'd like to discuss any of this with me or have an LMS that is affected by these problems - don't hesitate to give me a message or a call.