By Kim V. Cheramie, MSN, RN-BC, President, K&B HealthWork LLC, Contract Lead Nurse Planner and Accreditation Specialist
Efforts to include social media in professional development have been met with mixed reactions, with issues cited including control of content and best use, as well as measurement of learning outcomes. These questions have led many in professional development not to embrace social media as a component of instructional design and professional development. However, in education that focuses on internet usage and cyber security, we may be missing a prime opportunity to build on the strengths of social media to influence learning and subsequent behavior. The case described here highlights an incidental occurrence during a competency audit in cybersecurity that resulted in significant behavior change and improvement. Although not an intentional educational intervention per se, CPD professionals could take lessons learned and strategically consider the use of social media as an alternative in instructional strategy.
Recently, during a routine cybersecurity audit, a large, Midwestern healthcare organization discovered a significant change in employee behavior that, when traced to the time of change, followed an employee posting to social media. As background, healthcare organizations conduct routine audits of personnel cyber/internet behaviors by disseminating phishing emails in a controlled environment (think: simulation). The organization in this case sent out 2,800 emails to personnel with a link that, when clicked, brought the employee to a site indicating that they had fallen victim to a planted phishing scheme. The site highlighted the risk signs contained in the email that the employee missed and the subsequent actions that should have been taken by the employee (think: feedback).
Throughout the audit campaign, the IT department traced the number of clicks to the planted link. Over about 60 hours, there were a total of 849 clicks and a total of 30 percent of employees were found in noncompliance. The significant finding during the campaign and monitoring was that 720 clicks occurred within the first 29 hours and a significant drop-off (129 clicks) occurred after. Although a decrease in number of clicks is to be expected, when looking at the hourly rate, it was discovered that the dramatic decrease occurred at the beginning of the evening shift. During the investigation, it was discovered that a night nurse opened the email at the beginning of her shift, clicked on the link, recognized her mistake and then immediately posted to her personal social media account. This posting warned her fellow co-workers to not click on the link as it was a phishing campaign to which she have fallen victim. Her post had a viewing of upward of 200+ views with several comments thanking her for sharing and that they were wondering about the email themselves (think: social norming).
This employee demonstrated a clear mentoring behavior that is exemplified in the social cognitive/learning theory. As is suggested in Albert Bandura’s theory research from the 1960s and 1970s, learning is often optimized in a social environment. A learner’s behavior is supported through behavioral modeling, through which the learner observes the modeled behavior and subsequent reinforcement/repercussions. Learners then carry out similar behavior based on the modeled behavior. Moreover, “#socialQI: Simple Solutions for Improving Your Healthcare,” Brian McGowan hinted at how Bandura’s work directly related to the intersection of social media, learning and healthcare improvement. In many ways, this case validates this reasoning: through one social media posting, a night nurse modeled/mentored the appropriate behavior by identifying the consequences of her actions and sharing them with her co-workers. And, as the bar chart represents, the subsequent change in behavior by other employees can be traced to the timing of the posting.
Building on this case, it is suggestive that the community might be well served incorporating social media into professional development interventions as well as outcomes measurement. How might this work?
Take the annual cyber security training. All personnel participate in a set of required modules and must complete post-testing with 85 percent passing rate (knowledge/competency). Several months later (think: bottom of forgetting curve), an audit of personnel behavior was performed.
Prior to the dissemination of the phishing email, identify several of your social media influencers and stage them to post a warning/reminder at a designated time on their various social media accounts. Then, measure compliance with the desired behavior (click rate) and use the timing of the influencer posts as relevant milestones after the original training and testing intervention. This simple strategy extends your education time frame, reinforces compliance with the purpose of the education and measures outcomes of compliance competence.
Social media posting is happening. Personnel are constantly highlighting their experiences, practice and education through their personal accounts. By embracing social media as an educational strategy and purposefully using the strengths of the action to influence behavior, it becomes another tool in the educator tool box in effective education that changes practice.