Some people are driven by learning. Whether that is so that they can understand more, or gain a higher position, or advance their technical career in a chartered institution or so they can do their job better may not be clear.
From the individual's point of view, it is not important why they are driven by learning. So long as this is something that individual wants, then that is something that can be offered to that person to encourage their interest, understanding and awareness in data security. And this is true whether or not data security is an area that they want to be interested in!
The intent of the training
Depending on the interests of the individual, they can be offered courses in data security or even of other areas, so long as their awareness of data security increases. This can be further encouraged by adding an ovenight stay to a training course - perhaps one in a location that the individual is interested in, perhaps one that they might share with a partner on (say) a Friday and Saturday night?
The aim here is to motivate the individual. If they are sent on a training course and they are motivated by learning, then this should motivate them. If the course is not an area that they were primarily interested in, then additional incentive might help - hence the idea of adding the partner in for an extra night.
The Cost Benefits of getting training right
Before going further, it is vital to remember that a vast amount of training results in minimal improvements. So the training we are talking of here, has to be followed by some form of assessment of progress that has to be attained for the full benefit to accrue. But this also offers an opportunity too. If you can send your staff on a single course that they learn well from, this is far more cost effective than sending them on repeated courses over the years that they don't learn from. So the additional incentive costs of adding in the extra night with partner pale into insignificance against a) the repeat costs of further courses and b) the costs of staff making a data security mistake that potentially destroys the organisation's reputation and potentially its very being.
From the organisational viewpoint, then, it is clear that if the learning takes place, the cost becomes secondary. Furthermore the purpose of the exercise, to ensure that staff member has truly understood and will take on board the lessons learned, will dramatically safeguard the organisation for years to come. IF that is combined with an enthused member of staff who feels privileged to be rewarded in this way, you have also enhanced their quality of working life and that too is a gain.
Why cannot the organisation simply require staff learn things?
Clearly if the organisation is not convinced that a training course is not required, then so be it. But something is necessary to get across the learning. And forcing this attitude by decree and threat is never going to be as well received. Moreover it implies that the whole concept of data control is dangerous and potentially damaging - which is wrong. Data is one of the most important items in an organisation's armoury. If the data is wrong, misused, incorrectly released, lost, damaged or ignored, then the organisation is shooting itself in the foot. It should be regarded as a positive force for good - just needing correct handling. This mindset is difficult to justify if the only way of getting staff to abide by it is by force!
Alternative in-house training approach
Training can be carried out in-house too, of course. That means that there is less option for overnight stays - but this does not stop there being an option of rewarding individuals in this way where they show clear learning and improvement. ie don't make this about the one that knows the most at the end of the course - make it about the one that has learnt/improved the most over the course. Better still, make it available to several who have improved well. Remember that the costs of training someone badly are far more in the longer term than getting it right early on and being able to build on that thereafter.
This is one of a series of blogs on how to optimise your Data Security Controls by focusing on individual interests:
|1) Introduction: Introduction to string of blogs on how to encourage individuals to take data security seriously and apply it with enthusiasm|
|2) Staff Benefits: How do you appeal to individuals to encourage them to adopt and develop the data security system requirements with enthusiasm.|
|3) Business Benefits: The Business benefits of getting good data security controls - as a contrast to the benefits accruing to the individuals involved.|
|4) Salary Impact: Some people may be influenced by money and be encouraged to learn more if this is reflected in the reward structure.|
|5) Work Reduction: Some individuals react to the idea that they will have less work to do if they set things up well in the first place - it certainly is true for data security.|
|6) Bonus Payments: Where money is a key driver, but a change in salary is not possible, maybe a bonus system can be used instead to enthuse people into learning more about data security.|
|7) Tailored Training: Some people react well to being offered additional or specialised training - possibly with additional side benefits - whatever it may take to enthuse them to absorb data security awareness.|
|8) Choice of Equipment: Some people may choose to improve their working environment and this can be a method to enthuse people about data security too.|
|9) Holidays: Some people enjoy time off - and the ability to earn some spare hours may be sufficient to enthuse people about data security enough to earn them.|
|10) Moral Compass: Some people are driven more by their moral compass than whether they are paid more money or have time off. These are key people in your organisation as they will help steer the straight and narrow path.|
Your feedback and contributions would be welcome to help to hone these ideas for all to benefit from - please contact us via the https://securebusinessdata.co.uk/contact or call us on 0345 600 6975.