New interactive sanctions training

The Sanctions and Anti-Money Laundering Act 2018 will ensure the UK is able to implement international sanctions post-Brexit. To help organisations comply, VinciWorks has released a brand new scenario-based training course, Sanctions: Know Your Transaction. Following the success of our anti-bribery and anti-money laundering training, this course drops users into a set of immersive scenarios to test their knowledge, understanding and ability to comply with the new sanctions law.

The payment card industry data security standard (PCI DSS) is designed to protect consumers by encouraging businesses to do more to protect payment card details. A recent survey by US Internet giant Verizon found that compliance with PCI DSS can be a powerful force in fighting cyber-crime – but many organisations struggle to maintain full compliance with the standard.

Speaking to Computer Weekly, Verizon’s head of advisory services Gabriel Leperlier commented: “Since 2010, not a single organisation that has been breached was 100% PCI DSS compliant at the time of the breach.” This is a remarkable finding. Why do so many organisations struggle to comply with the standard?

Firstly, it helps to examine the 12 requirements of PCI DSS:

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Protect all systems against malware and regularly update antivirus software or programs
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need-to-know
  8. Identify and authenticate access to system components
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security for all personnel

In addition to these 12 requirements, digital security teams must contend with changing technology, workplaces that are riddled with web-connected devices, malicious employees and a host of determined hackers, criminals and foreign agents – who are all working day and night to access a company’s valuable data.

As Leperlier puts it: “Many organisations struggle to keep up with the continual cycle of scanning, testing and patching, which is why it is important to involve all employees, so they understand why certain security controls are in place and will be more likely to stick to them rather than finding ways around them.”

Achieving and maintaining PCI DSS compliance does not guarantee that you won’t be hacked – but failing to maintain compliance is a sure-fire way to attract the attention of hackers and criminals. After all, dropping the ball on PCI DSS compliance effectively means you’re making life easier for anyone who wants to steal your data.

There are many examples of companies that have paid a heavy price for data breaches that could have been prevented by complete compliance with PCI DSS. For example, US retail giant Home Depot agreed to pay at least $19.5 million to consumers harmed by a data breach in 2014. The breach occurred because Home Depot used inadequate security software and weak data protection policies. Under PCI DSS, companies are required to conduct vulnerability scans – something that was not carried out fully at Home Depot.

PCI DSS compliance may be difficult to achieve and maintain, but it seems the costs of dealing with a major data breach are likely to be far higher than the price of meeting the 12 requirements outlined above.

Industry newspaper Construction News recently uncovered adverts for 15-hour-a-day jobs on the Aberdeen Bypass. The roles are for people to operate heavy machinery, including wheeled excavators, for up to 80 hours a week. The adverts were withdrawn after Construction News made enquiries with Transport Scotland and the project’s joint venture partners, Galliford Try and Balfour Beatty.

The primary contractors have denied posting the adverts and are investigating where they originated.

This is not the first time the Aberdeen Western Peripheral Route project has made headlines for what appear to be unsafe working practices. Another Construction News report revealed that several workers had quit due to stress and exhaustion related to long working hours. Former staff produced evidence that they regularly worked for more than 70 hours a week, with some managing sites for 13 hours at a time.

When told about the recent job ads, one worker who quit due to overwork expressed his dismay: “I’m shocked. After everything that’s appeared in the press about the safety conditions on that project, how can such long working hours be shamelessly advertised? I got so tired I didn’t feel I could do my job properly anymore and I was worried that, with everyone else as tired as I was, we would be unable to prevent a serious accident taking place. I quit the project because I was working the type of hours that these adverts openly ask for.”

MSP Lewis Macdonald has asked for a public probe into safety issues on the project, saying: “This is supposed to be a flagship infrastructure project – and so should be the gold standard in terms of health and safety as well as the conditions for workers on the project. But testimony from workers on the project tell an entirely different story – and these adverts will only reinforce those reports.”

Numerous studies have shown links between working hours and health issues. Overwork can lead to both stress and fatigue, which in turn have damaging effects on health and performance. The concern at a major building site such as the Aberdeen road works is that workers will be too fatigued to function – leading to a major incident. The project also reported a flipped bulldozer recently, which could be another sign that workers’ fatigue is affecting performance.

Health and safety eLearning from VinciWorks

Our online courses are a cost-effective solution for all of your safety, compliance and performance learning requirements. We offer off-the-shelf courses for a range of health and safety topics, including personal safety, stress management and risk assessments. As well as our prepared training programmes, we can develop bespoke courses that are customised to your business requirements and circumstances.

So you’ve made the decision that eLearning is what your organisation needs. eLearning is a great way for organisations to gain new knowledge, and do so in a cost-effective way. eLearning can be tailored to meet your organisation’s specific needs, learners can progress at their own pace anytime and anywhere, and eLearning helps the environment by minimising car travel to classrooms and paper handouts.

I’m sure you already know what eLearning courses you need and you’ve probably already shortlisted providers for those courses. You might already have a specific provider in mind. Before you commit, here are the top 5 important considerations when choosing your next eLearning provider.

1) How will I deliver this eLearning?

  • There are many ways to deliver eLearning to your users, and selecting the best option depends on your organisation’s training requirements. The most popular method is to use a Learning Management System (LMS). An LMS is a system that can automatically deliver eLearning to your users and can generate reports on test scores, course status and completions.
  • An LMS can be expensive to purchase and time-consuming to set up. That’s why an LMS is normally only cost-effective for organisations with 100+ employees. For SMEs, a more straightforward approach is usually recommended, e.g. purchasing course access codes and manually emailing them to users.
    However, every organisation has different training requirements. There are many factors to consider before you decide on the best delivery method for your eLearning. Your organisation may wish to purchase course access codes instead of an LMS. Ask providers what they would recommend. Keep in mind that you don’t always need to use the same provider for both courses and delivery method. Shop around and see what other providers can offer you when it comes to delivering and managing your eLearning.

2) Is the course content frequently updated?

  • If you’re paying on a subscription basis, this consideration is a must, especially if the contract you’re signing is a year or longer. Some eLearning providers spend more time growing their eLearning library than updating and maintaining their current library. Best practices and legislation change over time, and your eLearning must keep up.
  • You should ask the eLearning provider: How often they update their eLearning? When can you expect the next update? Can they show you the changes made on the last update?

3) Does this eLearning fully meet my training requirements?

  • Training and development is often one of the highest costs in an organisation, so it is important that your eLearning investment meets your organisation’s needs. There are a few things you can do to ensure the eLearning provider chosen will help meet your training requirements. Check with the provider if the course is accredited, to confirm the content is relevant. Ask if they can edit the course for you to include specific information relevant to your training requirements. Some providers will allow you to edit the eLearning, giving you complete control over your eLearning’s message.

4) What is the true cost of eLearning?

  • Even though a course or LMS is cheap to buy, it is important to consider how much it will cost to run. Think back to consideration no.1, about how you should deliver the eLearning. A delivery method that is ineffective or doesn’t work for an organisation could end up draining hours off the working day. Spending a little extra on the product to save your valuable time is always worth it. Be sure you thoroughly question the eLearning provider on how their eLearning can fulfil your training requirements. For example, ask them how much time is required on your part to deliver it, and what level of training you will receive.

5) What level of customer support can I expect?

  • Everyone will need support eventually, whether a compatibility issue occurs during the integration phase or a browser issue causes an error. Although it is important to choose reliable products, it’s equally important to select a provider that can quickly and effectively resolve any issues or concerns.
  • Every eLearning provider will say they’re no.1 for customer support. This phrase means very little in today’s market. Always question the provider about what support they provide. Ask them: How can you contact them? What hours can you call? Is all support free of charge? How quickly do they reply? Will you receive a dedicated account manager?
  • A good indication that an eLearning provider cares about your success is that the person who sold you the product doesn’t disappear once the contract is signed. Instead they remain easily contactable to answer your questions.

Being manhandled into taxis, accused of being a fire hazard, treated like a child when you’ve got a PhD and told to clean your ears out are just some examples of the frustrating and inappropriate behaviour that disabled customers, employees and service users continue to experience. But if silly behaviour is the problem, then could laughter be the solution?