Information security: plug the leaky learning faucet with learning campaigns

If you’ve ever invested countless hours preparing a one-hour corporate training or 30-minute management webinar, you know how frustrating it can be to have your attendees retain very little. Even though you spent considerable time in making the event lively or the webinar interactive, attendees can still struggle to retain what was covered. While forgetting depends on many factors, research shows that, on average, students forget 70 percent of what was taught within 24 hours of the training experience. With a topic as critical as information security, lack of retention can keep an organization from not only achieving its goals, but risking valuable assets such as customer data and other proprietary information. It’s imperative that employees are aware of the significant role they play in keeping information secure.


There are many culprits to “blame,” such as our ever-dwindling attention spans or information overload. But what if the real culprit is just a lack of imagination for how trainings can take place? Rather than relegating trainings to one-time learning events (e.g. a one-hour training, once a year), consider adopting a learning campaign.

What is a learning campaign?

The goal of a learning campaign is to keep the key information that will most enhance management and employees’ performance at the top of their minds, year-round. In the case of conveying the importance of information security, this can be achieved in a variety of ways. The most common framework is a “slow-drip approach.” Since we’re striving to plug the leaky learning faucet, it may seem paradoxical that a “drip” would be a good thing. Where learning campaigns are concerned, though, a drip campaign is just the ticket.

Learning campaigns provide a slow-drip approach throughout the year, keeping the topics digestible and memorable for employees. A campaign on information security should be as focused in its messaging as possible, offering opportunities for microlearning. You may want to begin by focusing on how to apply the company’s information security policies and procedures. The campaign would touch on different aspects of the policies, offering scenarios based on:

Difficult judgment calls employees may have to make

  • What risks will they encounter
  • How to recognize these risks
  • What to do when faced with these risks
  • What company resources are available when needed

Launching the campaign

There are many different ways to design a learning campaign around information security. The campaigns do not need to be complex but should have a high-frequency strategy. Message repetition can offer learners the opportunity to practice making informed decisions and taking action in a safe (and non-consequential) environment. Better now than when it’s for real!

Some examples of learning campaign formats where there is a periodic touch over the course of a year:

  • Elearning module - Employees complete a short module every quarter (20 mins each)
  • In-life tests every quarter giving members a chance to identify and act (learners might be given a sample phishing email, social media spoof, in-office gossip, etc. to see if they can identify issues and what their course of action should be in response)
  • In office posters and/or merchandise (e.g. pens, folders) to reinforce the main messages of training
  • Geofencing activities to bring elements of the elearning into the real world (i.e. ping a learner’s phone with a teaser video when they enter the lunch room)
  • In-person workshops or discussions based on current events and possible threats

Learning campaigns can be easily managed and deployed if you use the correct elearning tool. Fully responsive HTML5 like Adapt can help bring content to learners anywhere and anytime, embodying the true learning campaign spirit. It can also chunk content into meaningful ways for personalization.

Using the right learning portal will also take the extra foot work out of maintaining a slow-drip campaign. A good campaign portal will manage how and when content is released, and who will be awarded using badges, leaderboards, and integrated social components. By and large, we have found that learners appreciate being incentivized for participating in these trainings. In addition to the portal, consider displaying leaderboards in the portal or prominent office places. Thus, the leaderboard becomes one more touchpoint in the learning campaign.

Sustainable campaigns

Learning campaigns are easily repeatable, year after year. By investing heavily on the front end to build the campaign’s skeleton and implementation strategy, the years that follow may only require a light investment of time to update your campaign’s specific content pieces based on changes to your policy, the company’s risks, and/or current events.

Interested in learning more about managing a learning campaign particularly on issues of security compliance? To learn more about implementing successful compliance training, check out our guide Compliance: Blended Learning That Works.