The Digital Training Revolution and Mass Mandatory ‘Modulation’

A global shift to remote working, exacerbated by the recent COVID-19 pandemic, has resulted in a technological revolution, an interesting experiment, as vendors and IT departments worldwide try to design the infrastructure that will support employees working ‘anytime, anywhere’. The requirements are complex as employees use a myriad of devices, including mobile phones, iPads, laptops and desktop PCs, all hosted on different servers through different telephone and broadband networks. This creates a real problem for the IT department, but also threatens the very infrastructure and foundation on which organizations exist, as employees are in control of their own equipment and their own network security through home routers, without the control of their employer. Adding complexity and losing control, pushing more responsibility onto employees, increases vulnerability for both employees and employers in terms of cybersecurity and adds complexity to the delivery of effective training.

The extent to which digital technologies has transformed work-related learning and development is up for much debate. We are living in a technologically interconnected world, which offers humans opportunities to communicate far and wide to mass audiences all over the world. However, this does not necessarily result in improved engagement, learning or positive outcomes, especially in the long-term. In fact, after a year in the life of a global pandemic, many are experiencing ‘zoom fatigue’ exhausted by constant digital communication through 24-inch monitors (Lee, 2020; Wiederhold, 2020). Employees are ‘always on’ and the consequences can be detrimental to health (Duxbury et al. 1996; Ohly and Latour, 2014; Schlachter et al. 2017). While investing in digital training solutions is top of the agenda and suppliers are quick to sell their ‘quick-fixes’, there is limited evidence that they are effective in long-term behavior change in terms of developing appropriate cybersecurity hygiene, or in providing organizations with a proven return on their investment.

What’s the solution? ‘Mass modulation’, apparently - digitally spoon-fed training modules in cyber and information security, a plethora of complex jargon and ‘policy vomit’. Employees apparently benefit from tick-box exercises and videos they can fast forward to the end, in order to comply with company policies. Mandatory training is increasingly being outsourced to third party suppliers (Ray and Thomas, 2019), are usually generic and rolled-out across the group, irrelevant of job title or responsibility, and completed annually, without much involvement of key internal stakeholders such as the employees themselves, the people who are supposed to be benefitting from it. Learning is often top-down and not relevant to them in their specific roles. It is the mass mailshot, in learning and development form. But is this really an effective way of learning and stimulating long-term memory, much needed for protecting organizations from harm? Memory studies demonstrate the effectiveness of personification and repetition, as well as learning small chunks of information as being more effective, so why do modern-day digital technologies continue to overload and overreach?

So What is Learning…?

Learning is defined as being a change that occurs in a person’s knowledge, as a result of experience (Mayer, 2008: 761), focusing on cognitive processing in response to external stimuli. Noe (2013) included skills, attitudes and behaviors, as well as knowledge, as being as a consequence of learning. KSA (knowledge, skills, abilities) is a term often used when defining learning and is attractive as it includes other characteristics such as personality traits, interests and values, as well as cognitive ability, knowledge and skills (Ployhart & Moliterno, 2011: 134).

While increasing the ‘KSAs’ of employees is of course important to an organization in terms of investment in human capital in order to gain a competitive advantage, increases in KSAs alone do not necessarily equate to productivity or performance, or an increase in pay (Marginson, 2019), begging the question why employees should choose to use their ‘brain power’ to gain knowledge that may offer no benefits to their own personal and professional lives. In terms of cybersecurity, employees are being asked to go beyond the call of duty to learn new skills, find time to weave them into their already busy schedules, for no benefit, other than to protect their organization from harm. That’s a big ask, especially if the employer isn’t held in good regard by the employee.

The ‘science of learning’ has mainly focused on individual cognitive processes and, for the most part, ignores the environmental and societal influences in teams and in organizations.

In contrast, Bandura (1986) in his social cognitive theory saw learning as occurring in a social context with reciprocal interaction between each individual and with the environment. When considering digital learning methods, this is important, as one has to take into account the impact of colleagues and societal norms, as well as the interaction between technology and the individual, often referred to as ‘human computer interaction’ (Finlay and Beale, 2000).  More recently, Lave and Wenger (1991) stressed the importance of ‘situational learning’ and learning through practice, which is in contrast to modular learning where the individual learns passively, which is not always possible, especially in situations such as training to be an astronaut, where ‘virtual learning’ can be particularly useful. Organizations can’t afford to let employees learn from mistakes in terms of cybersecurity, in a similar way to surgeons and medical professionals. They need to make the right decisions form the beginning.

E-learning

There are many definitions for e-learning (Yoo et al., 2012); while Moore et al. (2011) defined e-learning as learning that occurs through the use of technology, Bondarouk and Ruel (2010) specified the inclusion of the internet, intranet and extranet in enabling learning. E-learning usually involves hosting material on an organization’s intranet delivered through training management systems, standardized and provided through modules. CIPD (2017) reported 26% of learning was ‘digitally enabled’ in 2016, with 90% of organizations planning to run mobile-based learning. In 2020, however, during the pandemic, the figure was closer to 57%, an increase of over 30%. The larger the organization the more likely they were to invest in digital learning (CIPD, 2020). The focus seems to have shifted away from mobile technologies and more towards online learning, virtual classrooms or massive open online courses (MOOCS), perhaps because it is assumed that employees are not able to go ‘anywhere, anytime’ due to COVID-19 restrictions. On the job training is still the preferred method of learning by organizations with 56% of learning being delivered through webinars and virtual classrooms.

The focus seems to have shifted away from mobile technologies and more towards online learning

The design of e-learning solutions has been faced with much criticism from the user perspective, as much of it is deemed to be irrelevant for the purpose by which they are intended and there is a need for a clear infrastructure where the end-user is involved (Damodaran, 1996). Derouin et al. (2004) offered some guidelines in preparing trainees for learner-led instruction as well as designing learner-controlled training and saw learners as individuals with individual needs but failed to fully appreciate the role of teams and collaborative learning. In fact, when high levels of learner-control exist, employees had more positive perceptions of e-learning (Fisher et al. 2010).

When looking closely at mobile learning, definitions suggests that learning must take place outside of the traditional learning location, which is not relevant to the current day when many of us are working from a variety of locations. Moreover, the definition assumes mobile learning to exist outside of normal hours (Korucu & Alkan, 2011), e.g., evenings and weekends, which assumes people are working in a Western 9-5 way, when in fact, especially as a consequence to the recent pandemic, people are working at all times of day and night, working around the needs of family or other responsibilities. 

What is the Training Cycle…?

The training cycle usually begins with a training needs analysis (stage one) and is “the process of determining whether the organization’s training needs, objectives and problems can be met or addressed by training” (Arthur, Bennett, Edens & Bell (2003). Stage two is the process of designing the training. Stage three is the delivery of the training, and finally, stage four in the training evaluation.

Benefits of E-learning

E-learning has developed over the years from simple PowerPoint presentations to now offer guidance, adaptability and better enable gamification and mobile learning is expected to follow a similar path (Wasserman and Fisher, 2017).  When content is of a high quality, including learner support, feedback and recognition, there is an increase in e-learning participation (Garavan et al, 2010).

E-learning can bring significant benefits to both the employer and the employee. Noe (2013) highlighted the usefulness of ‘control’, both in relation to the learner and the organization. Examples include when learners can control where and when they undergo training and have the freedom to access material as and when required, as well as select their preferred type of media (text, audio, visual etc.). In some circumstances they can also benefit from virtual learning and the use of avatars in order to simulate a real environment and reinforce learning.

Benefits to the organization include a reduction in administration time as many tasks are completed electronically, the monitoring of employees’ achievements and a reduction in cost, at least in terms of travel and time, in comparison to training delivered in physical classrooms (Noe, 2013). However, Noe (2013) did not provide any evidence of long-term benefits or tangible examples where organizations received a return on their investment.

Other advantages include flexibility, accessibility, efficiency and the assumption that they are cost-effective as they can be delivered on mass far and wide (Bondarouk & Ruel, 2010; Noe, 2013). However, there are few large-scale studies which evaluate the effectiveness of e-learning (Holden & Stewart, 2013) and little evidence of their cost-effectiveness when looking at long-term learning and the extent to which e-learning has provided a good return on investment.

Marlow et al. (2017) claimed that simulations provided the best opportunities for success, offering interactivity, fidelity (reflection of reality), feedback from specific aspects of performance, and debriefing, enabling learners to transfer knowledge to real environments. Simulations are useful when trying to prepare for a crisis, when simulations are used as a safe environment in which individuals and groups can practice and develop their skills in preventing or managing a serious incident before the event occurs (Walker, Giddings and Armstrong, 2011). Simulations are proving to be increasingly popular in cybersecurity training, as it enables employees to deal with current and real threats, practicing in a safe environment (Cone et al. 2007).  

Challenges with E-learning

Although e-learning has provided benefits, issues have been evident (Upadhyaya & Mallik, 2013). Firstly, unless training programs are mandatory, completion rates are fairly low (Brown & Charlier, 2013). Moreover, employees have shown a distinct lack of motivation in the completion of courses (Yoo et al. 2012), often not finding the time and not having the appropriate equipment or the appropriate support from line management. Leadership often don’t walk and talk what they preach and employees don’t benefit from good role models.

From an employee perspective, as perhaps with all types of learning, motivation, especially intrinsic motivation (Yoo et al. 2012), to learn strongly predicts their level of participation and influences their levels of self-efficacy (how confident and capable they are in completing a task) (Garavan et al. 2010). The assumption that older workers are not as able as younger workers can limit the use of e-learning in certain groups (Jeske & Stamovrossnagel, 2012). While digital literacy may be an issue (Mohammadyari & Singh, 2015), age is becoming less of an obstacle to the uptake of e-learning solutions (Hrtonova et al. 2015; Cigdem & Topcu, 2015; Fleming et al. 2017). The evidence is somewhat conflicting when looking at age and whether older people struggle with e-learning (Fleming, Becker and Newton, 2017), and in any case, is mitigated against by increased support, either from younger peers or management.

From an organizational perspective, it can be a tricky balancing act when attempting to engage employees with the completion of e-learning training in their knowledge of low completion rates (Brown & Charlier, 2013) and the temptation to make them mandatory so as to fulfil compliance requirements, while promoting a positive approach to learning by making it voluntary (Hrtonova et al. 2015). Support, either perceived managerial, organizational or job, can be indicators as to whether an employee will accept an e-learning system (Cheng et al. 2012). Cheng et al. 2012 suggest designing the work environment so as to provide the best support for the implementation of a new e-learning system, such as social atmosphere, workflow design and skill-based reward systems.

Factors that can influence the effectiveness of the training include whether the technology is ‘fit for purpose’, integrates and blends well with other systems and learning methods, and how the learner manages and embraces a variety of factors. Poorly designed training can overwhelm employees with information and do little to provide learning (Bandarouk & Ruel, 2010). In addition, the timeliness of the solution is critical as there are often delays to the implementation of technology, proving to be ‘too little too late’. By the time it is rolled-out the hackers are on to the next method of attack and even global financial institutions are left ‘eating dust’.

Poorly designed training can overwhelm employees with information and do little to provide learning

The key assumption that everyone globally benefits from the use of digital technologies in learning and development and has access to a similar standard of equipment and network is flawed. Most studies don’t address the elephant in the room; how marginalized societies and small organizations may not benefit from the cash flow or connectivity required in order to benefit from digital learning, or indeed cybersecurity technology or training.

With the evolution of the ‘gig economy’, short-term contracts, consultants and freelancers, employees are increasingly responsible of the purchase, maintenance and use of their own work laptops and desktop PCs, which poses the question as to what happens to those who can’t afford to fund their own equipment (Prassl, 2018). A recent study by Wasserman and Fisher (2017) found that nearly half of the adult population worldwide don’t have web-enabled mobile phones (Economist, 2015) posing an issue for those who need to be on the road and complete their cybersecurity mandatory training. That’s assuming that contractors and temporary employees are even required to complete the mandatory training…

Challenges exist for both the training designer and consumer such as accountability, in that the designer has to design training solutions without the knowledge of key important factors such as the extent of the mobility of the individual, what platforms they are using, and whether an app or browser is the best solution for that device and the individual’s preference and lifestyle. When this isn’t done right, it affects the learning experience of the consumer (Wasserman and Fisher, 2017). Mobile learning can also further impact on work-life conflict and a lack of separation between work and personal time, and we all know how our attention and performance can waiver when we are under pressure…

When designing mobile learning platforms, more customizability is needed in order to deliver appropriate learning for that particular moment in time, ‘anytime anywhere’ (Wasserman and Fisher, 2017).  In addition, better integration with social technologies offers opportunities for feedback and increased flexibility. Mobile learning can be extremely useful as it can be used to obtain real-time assessment, utilizing tools available on mobile devices such as location tracking, camera and the microphone, with a moment’s notice.

However, when using mobile phones, individuals are more easily distracted by notifications unrelated to the intended learning and individuals may perceive themselves to have learnt something, perhaps by sharing it on social media, but in fact haven’t retained the information to a sufficient degree in their long-term memory. It is important however not to assume that just because learning has occurred through a mobile device, the social element of learning cannot be assumed (Wasserman and Fisher, 2017).

Blended learning is when e-learning is combined with more traditional learning techniques and when numerous technological learning solutions are used interchangeably and sometimes simultaneously, such as modular learning online and through mobile apps, offering flexibility in being able to practice learning in a variety of ways. This can be a very effective way of getting the best of both worlds: the personal touch from face-to-face traditional training, and the convenience of digital training solutions.

Impact of COVID-19 on E-learning

The transition to remote working was unexpected and required solutions without affording the time for a thorough needs assessment, the result of which is so far, undetermined. The impact of the pandemic on learning is not fully understood as it has created a new context and reality, never before experienced. Primary research is limited and inconclusive and focused mainly on the medical health sectors (Caruana et al. 2020). However, it is very much seen as an opportunity to experience a ‘teachable moment’ (Pek et al. 2020) so one can assume that we will see an increase in primary research over the next year or two, the key findings emerging once we return to the ‘new reality’ (Newman & Ford, 2020).

Learnings from future research are in the interest of the public and should not be seen as intellectual property and an opportunity for one organization to compete against another (Nicholson, 2020). Above all, employees will need the support of good leadership and communication (Newman & Ford, 2020). Collaboration is key and by sharing information between employees, teams and organizations we can be better united against the force of the enemy.

To Conclude…

To conclude, the reality is that all do not benefit from equipment and connectivity that is ’fit for purpose’, giving major corporations in western society a competitive advantage. It will be increasingly necessary to have basic IT skills as standard but individuals will also be expected to have web-enabled mobile devices as well as work/home computing devices and know how to operate them to an appropriate level of skill, including having the self-efficacy to address vulnerabilities in terms of cybersecurity.

Digital technologies in learning and development have been useful in reaching far and wide, at least in the privileged world, but lacks a personalized approach, can make it difficult to share learning with colleagues, and can even impact on their wellbeing. The effectiveness of digital training is greatly improved when appropriate supervision and leadership is in place to support employees. It is too soon to speculate about the impact of COVID-19 but it is an interesting experiment and we should look forward to evaluating the results. Simulations and group-based virtual learning provide employees with the opportunity to practice skills and effective decision-making in a safe environment, without suffering from the perils of ‘mass modulation’ and cybersecurity regurgitation. 

What’s Hot on Infosecurity Magazine?