{"id":19036,"date":"2025-04-10T15:18:22","date_gmt":"2025-04-10T13:18:22","guid":{"rendered":"https:\/\/kordon.app\/?p=19036"},"modified":"2025-04-10T15:18:52","modified_gmt":"2025-04-10T13:18:52","slug":"how-to-do-policy-training-better","status":"publish","type":"post","link":"https:\/\/kordon.app\/et\/how-to-do-policy-training-better\/","title":{"rendered":"How To Do Policy Training Better"},"content":{"rendered":"<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>Because nobody learns from a snoozefest.<\/em><\/p>\n<\/blockquote>\n\n\n\n<p>Policy training isn\u2019t just a formality \u2014 it\u2019s a core part of <a href=\"https:\/\/kordon.app\/et\/poliitikate-haldus\/\" target=\"_blank\" rel=\"noopener\" title=\"Poliitikate haldus\">policy management<\/a> process any effective GRC program. When people don\u2019t understand the policies that govern their work, even the best-written procedures fall flat. <\/p>\n\n\n\n<p><strong>Training can help bridge the gap between documentation and day-to-day behavior.<\/strong> It ensures employees know what\u2019s expected of them, how to act in line with regulations, and how to spot red flags before they become incidents. <\/p>\n\n\n\n<p>All good and well, but let&#8217;s face it <strong>most policy trainings that any of us have been part of, are a snoozefest that you suffer through. <\/strong><\/p>\n\n\n\n<p>In this post, I&#8217;ll cover how to reduce the suffering of your policy trainings, or to be honest this advice should be pretty universal for any training.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Why Most (Policy) Trainings Fail<\/strong><\/h2>\n\n\n\n<p>Let\u2019s be honest \u2014 <em>the bar is low<\/em>.<\/p>\n\n\n\n<p>Here\u2019s why most policy training efforts fall flat:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u2716\ufe0f <strong>They\u2019re too long.<\/strong> No one wants to sit through an hour-long video or read a wall of text.<\/li>\n\n\n\n<li>\u2716\ufe0f <strong>They\u2019re not relevant.<\/strong> Generic, one-size-fits-all content doesn\u2019t speak to your audience\u2019s actual risks.<\/li>\n\n\n\n<li>\u2716\ufe0f <strong>They\u2019re just a checkbox.<\/strong> If your goal is \u201cjust get it done,\u201d that\u2019s all your team will aim for too.<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>What Happens When Training Is Actually Engaging and what if training was something people <em>looked forward to<\/em>?<\/strong><\/p>\n<\/blockquote>\n\n\n\n<p>People remember it.<\/p>\n\n\n\n<p>They apply it.<\/p>\n\n\n\n<p>And they become your first line of defense, not your weakest link.<\/p>\n\n\n\n<p>Let\u2019s break down how to <strong>make your policy training something people talk about \u2014 in a good way.<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>1.\u00a0<em>People remember stories \u2014 not rules.<\/em><\/strong><\/h2>\n\n\n\n<p>Instead of repeating dry rules, <strong>talk about what really happens when security fails<\/strong>.<\/p>\n\n\n\n<p><strong>Example:<\/strong><\/p>\n\n\n\n<p>Tell the story of how <em>one employee\u2019s weak password led to a full-blown breach<\/em>. Make it real. Make it relatable.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>2.\u00a0Even<strong> Basic Gamification <em>Boosts Retention and Engagement<\/em>.<\/strong><\/strong><\/h2>\n\n\n\n<p>Gamify and make it fun. You don\u2019t need to organise a scavenger hunt to make training fun and stick <em>(although, wouldn&#8217;t that be super cool!). <\/em><\/p>\n\n\n\n<p>A few tweaks can go a long way and have the added benefit of being top of mind for many for a lot longer than a single annual training.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u2714\ufe0f <strong>Run the allmighty phishing simulations with actual rewards<\/strong><\/li>\n\n\n\n<li>\u2714\ufe0f <strong>Use leaderboards to spark friendly competition<\/strong> <strong>between divisions<\/strong><\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>3.\u00a0Make It Short and Actionable<\/strong> &#8211; Microlearning Wins Against Classroom Training<\/h2>\n\n\n\n<p>Ditch the single 60-90 minute training marathon. <\/p>\n\n\n\n<p>It&#8217;s famously known that you&#8217;ll need to communicate things in the corporate world at least 7 times before it really sticks.<strong> So use this knowledge<\/strong> and instead of doing it once in a single go, <strong>drip-feed the information using different channels and mediums. <\/strong>Everyone&#8217;s different, using different channels will allow you to <em><strong>catch them all. <\/strong><\/em><\/p>\n\n\n\n<p>Here are a few ideas:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u2714\ufe0f <strong>Drop quick tips in Slack<\/strong> <strong>regularly<\/strong><\/li>\n\n\n\n<li>\u2714\ufe0f <strong>Share podcasts to listen to, news articles to read<\/strong><\/li>\n\n\n\n<li>\u2714\ufe0f <strong>In everything you share, focus on teaching one concept at a time<\/strong><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>4.\u00a0Know Your Audience<\/strong><\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Tailor content to the audience. Different teams use different tools, work in different ways and face different risks. So why give them the same training?<\/p>\n<\/blockquote>\n\n\n\n<p>Engineers probably don&#8217;t need to know too much about handling sensitive personal data, but for HR it&#8217;s a key concept they need to understand, compared to supply chain risks that can lurk in the open source coding libraries. <\/p>\n\n\n\n<p>Relevance makes training <em>feel personal \u2014 and important.<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>5. Learning is Social. Use That To Your Advantage.<\/strong><\/h2>\n\n\n\n<p>Make it a conversation, not a lecture. If your training is one-way, you\u2019re missing a big opportunity.<\/p>\n\n\n\n<p>Instead:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u2714\ufe0f Ask teams to share personal experiences \/ close-call security moments<\/li>\n\n\n\n<li>\u2714\ufe0f Encourage discussions<\/li>\n\n\n\n<li>\u2714\ufe0f Publicly recognize participation<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>When People Enjoy the Learning, They Remember What Matters<\/strong><\/h2>\n\n\n\n<p>The best training isn\u2019t about the content alone \u2014 it\u2019s about <strong>how<\/strong> you deliver it.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u2714\ufe0f Keep it real.<\/li>\n\n\n\n<li>\u2714\ufe0f Keep it short.<\/li>\n\n\n\n<li>\u2714\ufe0f Make it interactive and relevant.<\/li>\n<\/ul>\n\n\n\n<p>Because policy training isn\u2019t just about compliance. It\u2019s about building a culture of awareness and action.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Special Prize To Anyone Who Scrolled This Far<\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Kordon&#8217;s Co-Founder Martin Ojala shares that he has never gotten as good of feedback to annual training than the time he asked all employees to listen to this Darknet Diaries Podcast episode.<\/p>\n<\/blockquote>\n\n\n\n<p>Read the transcript or listen to it here. Still super relevant even today April 10th, 2025.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-style-default\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"552\" src=\"https:\/\/kordon.app\/wp-content\/uploads\/2025\/04\/image-1024x552.png\" alt=\"Darknet Diaries - true stories from the dark side of the Internet\" class=\"wp-image-19046\" srcset=\"https:\/\/kordon.app\/wp-content\/uploads\/2025\/04\/image-1024x552.png 1024w, https:\/\/kordon.app\/wp-content\/uploads\/2025\/04\/image-600x324.png 600w, https:\/\/kordon.app\/wp-content\/uploads\/2025\/04\/image-768x414.png 768w, https:\/\/kordon.app\/wp-content\/uploads\/2025\/04\/image-1536x828.png 1536w, https:\/\/kordon.app\/wp-content\/uploads\/2025\/04\/image-2048x1104.png 2048w, https:\/\/kordon.app\/wp-content\/uploads\/2025\/04\/image-18x10.png 18w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><a href=\"https:\/\/darknetdiaries.com\/transcript\/86\">https:\/\/darknetdiaries.com\/transcript\/86<\/a><\/p>\n\n\n\n<p>P.S. If you&#8217;re working on information security policies, then we&#8217;ve created super simple starter templates to start from. No e-mail or signup required. Just download the docs from Google Drive. <\/p>\n\n\n\n<p><strong>Check them out here: <a href=\"https:\/\/kordon.app\/et\/policy-templates\/\" title=\"Tasuta infoturbe poliitikate dokumendimallid - tasuta muudetavate mallide allalaadimine\">Tasuta infoturbe poliitikate dokumendimallid - tasuta muudetavate mallide allalaadimine<\/a>.<\/strong><\/p>\n\n\n\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>Because nobody learns from a snoozefest. List of actionable small adjustments to make your trainings less boring.<\/p>","protected":false},"author":1,"featured_media":19051,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[116,111,26],"tags":[],"class_list":["post-19036","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-policy-management","category-resources","category-blog"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/19036","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/comments?post=19036"}],"version-history":[{"count":16,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/19036\/revisions"}],"predecessor-version":[{"id":19054,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/19036\/revisions\/19054"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/media\/19051"}],"wp:attachment":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/media?parent=19036"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/categories?post=19036"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/tags?post=19036"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}