How to create a Compliance Culture

How to create a Compliance Culture

The term ‘compliance culture’ isn’t new; for years we’ve heard about the need for organisations to create one in order to really get on top of and mitigate regulatory and reputational risk.

And whilst the phrase ‘compliance culture’ (or ‘culture of compliance’ if you prefer) is one we all recognise, like a lot of qualities pertaining to culture, it can be hard to define.

At DeltaNet International, we imagine ‘culture’ as it affects the organisation itself. That is, as the DNA that runs through the business colouring its everyday operations.
After all, workplace culture – often called ‘corporate culture’ – refers to the beliefs and behaviours of the workforce.

It’s made up of the various values, attitudes, actions, and norms visible in those around us and regarding various factors in the workplace – one of these being, compliance.

Compliance, on the other hand, is all about doing the right thing, the right way. It’s about setting principles and standards and acting accordingly.

When we speak about a culture of compliance, then, these expectations are incorporated into the behaviours, beliefs, and actions of the entire workforce.

It’s not enough to have written policies and procedures (whilst these are important benchmarks that should be communicated clearly, they can also feel distant from the organisation).

Image

True Culture of Compliance

A true culture of compliance will not only point to and promote such policies but will also bring them to life – it’s about doing what is right simply because it’s the right thing to do – regardless of who is watching.

In short, a compliance culture is a critical area that permeates every aspect of business. If it’s successful, it will influence our vocabulary, our values, our targets (and the way we achieve them), and our interactions/transactions with those we encounter.

A compliance culture is the filter through which we conduct ourselves and our business, it’s never an afterthought that ticks a box.

Beyond written rules- Identify risks, manage expectations

It’s important to understand that the look and feel of one organisation’s compliance culture will be totally different to that of another. Cultures of compliance are never one size fits all, so it’s imperative to identify the specific compliance risks that your company faces and construct a compliance culture in and about these areas.

Risk factors

High-risk factors might include the physical (think construction or chemical work, for example) where health and safety will need to take precedence; or else they could be technological, requiring extra attention on cyber-security and data protection principles. Some organisations, let’s say financial institutions, might focus on strategic risks, raising awareness about anti-bribery, anti-money laundering or FCA regulation for example.

Compliance cultures are NEVER one size fits all

Whatever areas of compliance your message centres around, setting and communicating your expectations in these areas is paramount to establishing an effective compliance culture; one that’s relevant to you.

Communication is key

Remember, your expectations when it comes to compliance are communicated in more ways than one. It’s the sum of all this messaging – whether communicated purposively
(think written policy, mandatory training, posters, and other learning materials) or as a by-product (visible consequences, management buy-in, risk tolerance, performance pressure, and so on) – that creates the culture guiding and framing employee behaviour.

Whilst some go unseen, these messages are nevertheless strong forces which reinforce and represent what the organisation expects from its employees, and what employees can expect from the organisation. As such, it’s important these voices are united when it comes to areas of compliance you want to manage.

Codes of conduct and ways of building trust

Whilst creating and maintaining a compliance culture goes above and beyond written policies, it’s nevertheless useful to begin here and build outwards.

What does a code of conduct look like?

A code of conduct is the most common policy for organisations to have. Essentially a self-regulating document, codes of conduct are designed to outline specific behaviours, either required or prohibited, as a condition of ongoing employment.

Indeed, many organisations also have supplier or third-party codes of conduct to ensure the entire supply chain is aligned with the minimum standards of behaviour they expect to see.

Image

Recognising success- a tale of ownership and accountability

A culture of compliance is easily recognisable; it’s an environment where employees know what is expected of them and, wherein, they make good choices. In this compliant culture, leaders do more than communicate the rules to be obeyed, they model consistently good behaviour themselves.

They set the cultural tone by sharing their vision, reacting quickly (and fairly) to non-compliance, and by celebrating when employees act in a compliant manner.
Inside this successful compliance culture, strategies are delivered to monitor ongoing compliance (think inspections, investigations, regular risk-assessments and simulations to test knowledge).

Plans are also in place to manage and respond-to any vulnerabilities or non-compliance uncovered by these actions – whether this is further education, increased awareness training, or other disciplinary action, the goal is to discover weak links and deal with them promptly.

This is an environment which fosters accountability. Here, designated risk owners are assigned to manage key-risks on behalf of the organisation and, as custodians of compliance, these individuals have clear roles and responsibilities when it comes to the job.

They’re well-trained and committed to building trust via competency and consistency; the mindset here is not to ‘win at any cost’, but to be transparent, to do what’s right.

A successful compliance culture does not view training as a ‘once and done’ exercise, but as a continual process aimed at closing knowledge gaps and upskilling employees.
Employees are not forced to repeat training they don’t require either (this wastes time and fosters resentment about said wasted time).

Learning here is adaptive, tailored to the individual, and can be completed seamlessly, in the flow of work.

A successful compliance culture views training as a continual process aimed at closing knowledge gaps and upskilling employees.

Image

The drive to incentivise- what NOT to do when building a compliance culture

One of the biggest mistakes organisations make it when it comes to building a compliance culture is to incentivise it. Yes, compliance and positive behaviour should always be positively reinforced, but it’s important to remember that compliance is about doing the right thing for the right reasons – not simply to get a reward.

Incentivising compliance is a risky business (pun intended) because it can erode the trust and commitment that’s necessary to cultivate a compliance culture in the first place.
It doesn’t make sense to ask employees to self-regulate, to trust their instincts, and to do what’s right on the one hand, whilst simultaneously conditioning them that
compliance can be bought and sold somehow.

Under reporting and over reporting- 2 sides of the wrong coin

Additionally, incentivising compliance can lead to two issues that a true compliance culture would always seek to eradicate. In fact, these enemies of any budding compliance culture happen to be two sides of the same coin: under-reporting and over-reporting.

For example, in an environment where going X number of days without a health and safety incident garners rewards:

  • How likely is it that real incidents (the type that require action to prevent them reoccurring) will be reported?
  • How long until under-reported small incidents build up into a larger problem- one that’s potentially devastating for the company?

Likewise, inside an organisation where whistleblowing is overly incentivised and compensated, how long before employees begin to over-report or nitpick just to appear on top of things?

Fostering this kind of over-vigilance is a slippery slope into bad office politics and corporate backstabbing, quite the opposite of the trust-filled accountability culture we want to nurture.

Remember… the appearance of compliance is not compliance

Compliance – and the way your compliance culture takes shape – is an ongoing journey. It’s never a destination or something that will one day be ‘complete’.

Image

Perpetual stories of improvement

Rather, think of compliance as a spectrum of maturity involving people, processes, and other tools/technology.

Depending on factors such as the size or age of the organisation, your company’s position on the compliance maturity spectrum will adjust
over time, as will the legislation and regulations that lay the groundwork for what compliance means.

For instance, younger companies may have cut corners in this respect. It’s not unusual for start-ups and SMEs to treat compliance as a series of boxes to check in-line with what the law dictates they must do.

Larger, more established organisations, on the other hand, may have been working on their compliance culture for several years, approaching compliance as it plays a positive role in driving business growth.

Tone from the top

Whilst touched-upon throughout this document, we’ve deliberately avoided dedicating any single page to ‘setting the tone from the top’ – even though this element is incredibly important and often discussed when it comes to the topic of compliance cultures. an integral part of the life-force enabling your company to strive for excellence in compliance

The reason for this is the true meaning of the phrase, which carries much more weight than any written theory or principal allows for. Instead, setting the right tone from the top is an integral part of the life-force enabling your company to strive for excellence in compliance.

The DNA that informs the ongoing growth, development, and success of your compliance culture begins here (and can end here too, if leaders are careless).

You must not underestimate it.

At the highest level, successful compliance management is continuous as well as sustainable.

Building a compliance culture means learning from past mistakes and cultivating an environment of continuous improvement that’s observable throughout every department, from the top down.

What is Microlearning and why Should you Care About it?

Seemingly ever-increasing in popularity as the years go by, microlearning is essentially a way of packaging and delivering learning content (particularly work-based learning) into short, bite-sized chunks that are easily digestible and that address very specific, focused learning outcomes.

The thinking behind microlearning might seem pretty self-explanatory: it offers quick, compact answers to questions employees need to know right now in order to continue to work or – in a compliance setting, for example – to continue to work safely.

Whilst many microlearning courses are under five minutes in length, there is no set length considered ‘ideal’ for microlearning interventions. Rather there’s the wonderfully vague but nonetheless general consensus that microlearning itself be no longer than it needs to be (in order to cover its learning objective, that is).

In other words, we can think of microlearning as it concerns itself with content learners ‘need to know’ – not what might be ‘interesting’ or ‘nice’ to know.

Whenever we employ microlearning, then, it’s important to ensure that the learning point in question can and should be addressed via microlearning in order to achieve optimum results. Content should never be ‘squashed’ into microlearning modules if it is too nuanced or complex for the methodology, or if more time is necessitated to accomplish the objective effectively.

Microlearning and modern life

There’s a lot of buzz online about the use of microlearning as it responds to shortening attention-spans brought about by the use of social media and other digital channels promoting instant gratification. The idea being that society can no longer handle the subject-heavy nature of traditional teaching and must be spoon-fed smaller, more palatable, pieces of information in order to pay attention.

Whilst there is some truth to this (we have indeed become more accustomed to receiving digital information via short snippets or ‘updates’ alongside the evolution of the internet, smartphones, news alerts, etc.), it isn’t fair to view microlearning as a way of pandering to modern culture’s so-called reliance on ease, rapidity, and over-consumption.

Rather, the advent of microlearning – and shorter attention spans in general – can perhaps be more fully explained by the sheer amount of information available and conferred to individuals – including in the workplace.

Take workplace mandatory training alone as an example, which might be made up of any number of topics, including (but not limited to) data protection, manual handling, and equality and diversity, fire safety, display screen equipment use, and workplace code of conduct – not to mention any compulsory industry-specific training that must be undertaken by individuals in different professions.

So, it makes sense to imagine that the more data there is available to consume, the less attention time people have to offer different instances of information. Indeed, according to Forbes, the number one reason employees stop learning is because they simply don’t have the time. Modern workers are information-wealthy and attention-poor, and this creates a need to use and allocate learning time more effectively.

By way of summarising what microlearning is, here’s what it definitely is not:

  • A way of dumbing-down workplace learning
  • Longer-form learning content that’s simply ‘chopped up’
  • Any learning content that happens to be short
  • Tedious, superfluous, or unnecessary

Benefits of Microlearning

So, we know that microlearning is a viable way to save employee time and maximise the time we do have to spend on training activities, but what other benefits and ROI are on offer for businesses considering investing in microlearning?

Let’s take a look:

Microlearning is engaging

We know that, in order to be effective, learning content must be engaging – and here’s where microlearning really comes into its own. The brevity of microlearning content helps prevent cognitive overload, allowing key takeaways to be absorbed without getting lost beneath superfluous information and contextual clutter which can overburden working memory and result in learner disengagement.

Instead, microlearning is incredibly learner-centric; it gives learners time to pause for thought and process information before moving onto the next key learning message. This facilitates the process of transferring knowledge into long-term memory.

Additionally, as a methodology born into and enabled by technological advancement, microlearning tends to be intensely media-rich, meaning it makes use of different media types and instructional design techniques, including video, animation, audio, and gamification. Because these design techniques are more familiar and pleasing to the learner, it’s less likely users will lose interest quickly, which makes the entire learning process a lot more intriguing and engaging.

Read more about ways to boost your compliance training here.

Microlearning is flexible

Microlearning is a flexible tool that can easily transition between different devices such as smartphones, PCs, laptops, and tablets, enabling a seamless learning experience regardless of where users are (or prefer to be) when they find time to brush up their knowledge. This technological coherence also means users can take responsibility for their own learning journeys, checking off courses assigned to them (or self-determining useful ones) as and when it suits them.

Furthermore, microlearning is an extremely effective methodology for ‘learning in the flow of work’, a concept that proposes learning shouldn’t be separate to the daily work of employees, but, instead, ought to become a part of it.

Learning in the flow of work recognises the need for learning to fit around and align itself to the real way people live and work today. Rather than thinking of learning objectives as ‘destinations’ for employees to reach, then, the concept dictates that learning should come to us instead, delivered by intelligent learning platforms capable of interrogating what employees are working on and looking for learning opportunities to help.

It’s not hard to see how microlearning – with its short, specific bursts of knowledge – fits into this model nicely.

Our MD, Darren Hockley, explains what learning in the flow of work is in this bite-sized video.

Microlearning is scalable

Microlearning is an ideal solution for scalable content development, making it a convenient and very cost-effective model for businesses looking to keep staff up to date across various training topics.

This is because, not only can microlearning assets be reused by and rolled out quickly to large groups of learners, it’s also much easier to remove, replace, or update small chunks of content than it is to redesign a lengthy eLearning course or rewrite an entire policy document.

This same logic can be applied when it comes to the customisation of microlearning content too. Let’s say, if a particular organisation has specific needs, goals, or interests it wishes to address at certain times, or a knowledge gap is uncovered and needs closing ASAP. Microlearning is easy to adapt and administrate in both these circumstances.

Furthermore – and perhaps most interestingly of all – microlearning can be utilised as a tool to move away from broad-content learning (where all users take the same eLearning course or curriculum and are most likely exposed to materials they may already know or do not need to know for their roles).

This is because the granular, nimble nature of microlearning allows for adaptive learning paths to be drawn. Using diagnostic assessments and intelligent algorithms, a smart eLearning platform could cherry-pick microlearning ‘nuggets’ depending on what learners need to know, what they already know, and what they don’t need to know for their job. Each microlearning intervention then becomes a building-block, one piece of a longer curriculum which targets each learner’s specific requirements and knowledge gaps.

Read five ways adaptive learning improves compliance training.

Microlearning is measurable

Being able to measure the impact of any learning intervention is crucial for driving lasting behavioral change, and this is another area where the granular nature of microlearning thrives. It’s much easier to tie microlearning training to outcomes because each key message or learning objective is isolated.

As you can imagine, this makes it much simpler to observe how users are responding to and answering very specific questions on very specific topics – and to compare what the success and failure rates look like for similar topics presented in different formats.

Organisations won’t have to wait long to assess their ROI when it comes to microlearning because – despite the short nature of microlearning modules – each instance produces plenty of data, and quickly too. Looking over this data will tell us plenty about whether the questions asked in each course are effective, whether the learning-content that leads up to the questions is effective, and how well learners are performing in the mini-assessments inside each microlearning segment.

It’s easy to turn these data points into visual charts and graphs that tell a clear story executives need to know. Namely, whether their investment in microlearning is paying off in improved efficiency, higher profits, and more motivated and skilled employees.

What next?

Why not analyse your own compliance, health and safety, or performance training to see where you need more engagement, better focus, improved metrics, or more flexibility. If this is something our friendly team can help you with, please feel free to drop us a line, we’re always happy to help.

5 Ways Adaptive Learning Improves Compliance Training

Choosing the right compliance training can be a tricky business for organisations.

After all, compliance training is a big investment in the future of the company. Undertrained or disengaged staff can leave themselves and the company at risk of damage, injury, or legal action; and the cost, timeliness, and effectiveness of the training on offer all affect the company’s return on investment — a tall order for any risk owner/compliance manager to fill.

Sadly, compliance training is not too popular inside many companies. Often met with groans and eye-rolls, the recurring requirement to train and re-train in compliance subjects can feel redundant for employees, particularly longstanding ones who may have completed the same (or similar) training year after year before.

There are usually two issues at play when employees have a negative impression of their compliance training:

1) They feel their time is being devalued. This occurs when new or useful information is buried under repetitive knowledge that the user has encountered previously and already comprehends.

2) The learning content itself is dull – often overly legislatively focused – rather than practical and relevant to the job at hand and day-to-day working practices of employees.

In both of these scenarios, it’s hard for compliance training to be effective because members of staff simply aren’t engaged with it; an issue adaptive learning was developed to tackle.

Adaptive eLearning explained

Commonly, users complete what the learning industry calls ‘linear compliance training’. Using this type of training content, learners progress through various compliance topics in sequence, usually completing a quiz of sorts at the end of each section.

The approach works by presenting users with quantities of information and asking them to absorb enough to complete the training with an acceptable pass rate. Each user has access to the same information, and each user must pass to the same minimum standard (or else re-take the test in most cases).

Adaptive learning, on the other hand, works rather differently. Here, diagnostic tests are performed early in the training process, determining whether employees really need to refresh previous learning content or if, indeed, their time would be better spent on other areas of compliance where a knowledge gap has been uncovered.

In other words, an adaptive learning curriculum is individualised. It changes depending on the learner and the specific areas of compliance they need most support with.

Using this method, there’s no need to ‘punish’ users with constant re-takes for forgetting small pieces of information (not when that can be fixed with a 2-minute microlearning intervention!) and your diverse knowledge base of learners aren’t all subjected to the same lengthy courses every year (not if they don’t need to be, anyway).

Learning experience platforms (LXPs)

Smart LXPs (like our own Astute platform) are optimised for adaptive learning, and work by collecting information before, during, and after each learning intervention and storing it inside a personal learning record store (LRS) unique to each user.

As each learner continues to complete more diagnostic assessments and training, then, an intelligent platform can identify not only areas in need of refresher training, but also the type of learning content the user seems to benefit most from (e.g., microlearning, gamified courses, or scenario-based learning).

In other words, adaptive learning platforms dynamically adapt to the employee’s role and performance, determining learning journeys for the best learning results rather than simple box-ticking, and offering real-time risk mitigation wherever knowledge gaps are uncovered.

Here’s 5 ways adaptive compliance training benefits your business:

1. Increased ROI

Training is designed to add value to your business, not detract from it.

Adaptive learning offers great ROI because it allows organisations to claw back time spent on unnecessary compliance training in the past, i.e., knowledge that employees already have and don’t need to revise.

Furthermore, since using a smart LXP means most learning content is deployed automatically, the amount of time spent on learning administration is also reduced.

Reducing training time can save companies hundreds of hours per year, allowing employees to get on with the job at hand whilst still encouraging motivation for training and engagement. The result? More productive, better-informed employees.

2. Ease of use

Adaptive learning happens automatically and with minimum human intervention, so it’s a great tool for Learning and Development Managers to utilise as it affords them more time to focus on their goals and the success of their employees.

What’s more, adaptive learning can be rolled out quickly, with minimum hassle, and in direct response to any key-risk areas identified – so it’s useful for organisations that want to remain agile and responsive.

3. Improved knowledge retention

We know by now that knowledge retention rests with high engagement levels – and this is another area where adopting an adaptive learning approach is beneficial.

Adaptive learning doesn’t devalue employee time by forcing staff to complete unnecessary training. This means it has the added benefit of increased morale and commitment when it comes to training activities. After all, we are much more likely to engage with information we don’t already know, rather than speed-reading through content that feels old hat.

Additionally, by utilising and suggesting a variety of learning styles – and, in particular, those learning styles that appeal to the individual user – adaptive learning can be used to increase knowledge retention by presenting learning content in the styles that best engage learners and which obtain the best results for them.

4. Avoids ‘box checking’ compliance

When employees are forced to complete or revise learning content simply so the company can ‘check off’ a compliance box it’s usually true that very little learning actually goes on. More than this, ‘checking the box’ when it comes to compliance sends a terrible message to your workforce – it says you don’t really care about the material and its content and, sadly, this is a message that can permeate the entire corporate culture.

Adaptive learning uses diagnostic assessments, however, which involves the learner in their own learning journey. Utilising this method, employees are aware that, when they’re asked to complete a learning intervention, it’s because of a particular and real knowledge gap that has been uncovered – it’s not because the company requires them to do so to tick a box.

In turn, this speaks to a true culture of compliance, one built on trust and mutual respect, where employees can take ownership for their own skills gaps and complete learning journeys in their own time.

To find out more about building a compliance culture, download our free eBook, How to Create a Compliance Culture.

5. Allows for frequent updates

Traditional linear approaches to eLearning can’t always accurately track what people have learnt or haven’t – and they don’t adjust to this information even if they could. Of course, this makes it difficult to add new learning material without making employees re-take the whole course (which wouldn’t go down well, as you can imagine)!

Adding new material as an addendum is an option, of course, or creating short, microlearning courses with additional information might work, but this can confuse new learners, for whom these additions would feel out of context. To avoid this, companies often limit the number of updates, but that delays new information getting out to the employees and can leave eLearning courses lacking important updates for too long.

The solution, once again, is adaptive learning. When changes to the course are introduced, the system can differentiate between material a learner has already covered and new areas ready to be studied. Adaptive learning also provides the ability to incrementally author content, releasing the highest-priority subjects first and then adding new content to the system.

Final word

Adaptive compliance training has huge benefits for organisations, from next next level ROI, to improved engagement, and helping to build a compliance culture. We hope this article has helped our readers understand how to boost their compliance training program and get the best value from their training solution. However, if there’s anything we can help you with, or if you wish to explore our own adaptive learning offering, please do get in touch via email or phone. We’re always more than happy to help.

8 Top Tips to Boost your Compliance Training

Compliance training can be a tricky business. Whilst its importance as a risk mitigation tool and driver of behavioural change isn’t called into question too often these days, its effectiveness on the other hand – and how well staff are engaging with compliance training – continues to be something of a question mark for many organisations.

This makes sense; after all, most employees don’t live and breathe compliance (although we do here at DeltaNet!). Indeed, compliance training is something employees must complete in addition to and instead of their job. Therefore, it can – if compliance managers aren’t careful – be viewed as something of an unwelcome interruption, even a burden to some.

Of course, this is particularly true at organisations where compliance training is treated as such! These are the places where the same dull, legislatively focused learning-content or policy document is rolled out annually with no regard as to whether the employee has read and understood it many times before (or, indeed, on which topics they might actually need a bit of refresher training and clarification).

Now, we’re not suggesting this alters the critical importance of compliance training whatsoever, but it’s not really fair to expect this sort of training to be engaging, is it? And where there’s no engagement there can be no retention and, therefore, the training is indeed less effective.

Changing perspectives of compliance training

The truth is, compliance training is about so much more than legislation and policies.

At its core, it’s about empowering your employees and equipping them with the right skills to handle the requirements of regulation as they affect their daily work tasks.

In doing so, compliance training helps members of staff to flourish and be productive at work because it helps clarify their responsibilities and the boundaries surrounding these.

As well as reducing liability and risks for everyone in the company, then, compliance training is a gateway allowing employees to get on with work unsupervised which, in turn, builds trust and drives productivity.

So, how can organisations ensure that their compliance training is effective? That it isn’t too legislatively focused, but relevant, engaging, and empowering instead?

We’ve got 8 top tips to help with that!

Maximise your compliance training

1. Make use of microlearning

Microlearning is a powerful training technique in the world of eLearning, and it can be leveraged in all sorts of ways to make compliance training more relevant, less cumbersome, and much timelier.

Microlearning is a way of condensing information and key points into short, specific ‘bursts’ of knowledge that are usually only a few minutes in length. Its compact and highly-relevant nature means that learners are less likely to suffer from learning fatigue and much more likely to slot a slice of refresher training in-between tasks or ‘just in time’, when the knowledge gap appears in the flow of work.

More than this, microlearning is modular as well as scalable. This means it’s easy to update or replace the content of microlearning courses regularly and that different microlearning courses can be pieced together or swapped out to make longer, more personalised learning interventions that address individual skills gaps.

Image

2. Try adaptive learning paths

Adaptive learning (sometimes called adaptive teaching, adaptive instruction, or intelligent tutoring) is an educational method which uses artificial intelligence to present users with individually customised learning programs.

It works by gathering data before, during, and after the learning process and using this information intelligently to create optimised learning paths for each user.

As the user continues to complete more compliance training and take more assessments, then, an adaptive platform is able to identify and feed them content of particular relevance (based off previous performances, learning preferences, engagement times, and so on).

In other words, adaptive learning platforms can automatically and intelligently determine which learning content, activities, and techniques will benefit the learner most and provide the best learning results.

Whilst it still bridges important knowledge gaps when it comes to compliance, adaptive learning doesn’t devalue employee time by forcing them to complete unnecessary training. Naturally, this has the benefit of increased engagement levels and higher morale.

Find out more about adaptive learning

3. Incorporate gamification

Gamification exploded onto the eLearning scene years ago, but is still a hot trend when it comes to increasing engagement, motivation, and retention levels with learners.

Used inside compliance training programs, gamification offers a strategic, integrated approach that makes learning more fun. Elements of game-design (e.g. point scoring, competition, themes, rewards, and so on) are appealing to users who might not relish the idea of learning about regulation but could enjoy the concept of ‘leveling up’ instead.

The key is to make learners feel like they’re moving vertically through ‘achievements’ rather than horizontally pawing through the same old exercise. With gamification, there’s an ‘end goal’, something constructive to strive towards in a relaxed, non-threatening environment.

4. Involve top management

The ‘tone from the top’ is a phrase used to define the commitment of an organisation’s leadership team, in this case, when it comes to compliance training.

Easily underestimated, the tone at the top can make or break a company’s cultural environment and corporate values, so it’s important that leaders do more than communicate the rules to be obeyed when it comes to compliance matters.

Indeed, senior management should be seen to take their training and the subsequent knowledge acquired seriously and to model consistently good behaviour themselves.

Remember, your leadership team are the ones who set the cultural tone by sharing their vision, reacting quickly (and fairly) to non-compliance, and by celebrating when employees act in a compliant manner.

Read our guide to Creating a Compliance Culture

5. View compliance as ongoing

It’s easy to view compliance – and the associated necessary training – as a destination, just a box to be ticked and forgotten about. However, compliance is an ongoing journey. It will never be ‘complete’.

It’s helpful instead to think of compliance as a spectrum of maturity involving people, processes, and other tools/technology. Indeed, depending on factors such as the size or age of the organisation, your company’s position on the compliance maturity spectrum will adjust will over time, as will the legislation and regulations that lay the groundwork for what compliance means.

For instance, it’s not unusual for start-ups and SMEs to treat compliance as something of a legal obligation (and training as the way this requirement is met). Larger, more established organisations, on the other hand, may have been working on their compliance culture for several years, approaching compliance as it plays a positive role in driving business growth and administering multi-level compliance training that is specifically aimed at the roles of the learners involved as well as the risk profile of the organisation.

6. Mix it up

Employing educational diversity in the form of different learning styles and design techniques can help accommodate diverse learning preferences and, thus, ramp up engagement for your compliance training program.

It helps to incorporate multimedia into your compliance training program; think videos, animations, infographics, interactivity and audio cues – all of which help to avoid monotony and add variety into your learning interventions.

Furthermore, utilising immersive eLearning is a great way to bring compliance modules to life and contextualise them by placing individuals into virtual, interactive learning environments that simulate real work-place scenarios. Immersive eLearning is a safe, inexpensive way for users to learn from their mistakes and for organisations to check their employee’s understanding of certain compliance measures.

Another option is scenario-led learning (also known as problem-based learning), which combines online training with story-telling techniques, independent-thought, and analysis to encourage learners to use information and apply it to their decision-making process.

Image

7. Utilise surveys and polls

Online surveys, questionnaires, and polls can provide an opportunity for your learners to share their impressions and opinions and voice any concerns about their training. These are all valuable insights into the way your compliance program has been received over the years and a great way to uncover areas in need of improvement.

Indeed, these answers can be very useful when it comes to getting an idea of why people continue to take risky actions when it comes to matters of compliance (say, using overly-simple passwords or ignoring health and safety procedures) despite having had training against this.

Measuring employee impressions in this manner is useful information to have, particularly before you embark on a new compliance training program, as it can be used to measure behavioural change and attitudes along the way.

Insights gathered over time, such as how employees react when observing non-compliance, how they view the ‘tone from the top’, as well as whether they feel compliance is communicated effectively and how engaging their training is, can prove invaluable when it comes to the nitty gritty of your training’s efficacy.

8. Measure the effectiveness

With so much compliance training available on the market and legislation being constantly updated, it’s important to regularly review and evaluate the effectiveness of your current corporate learning to ensure that it’s hitting the mark.

One way of doing this is to look into the data your courses provide (and with xAPI and advanced reporting now available, there’s more insight available than ever). Use this data to observe how learners are answering questions and what the success and failure rates for each course look like. This data will tell us plenty about whether the questions asked in each course are effective, whether the learning that leads up to the questions is effective, and how well learners are performing in the final assessments at the end of each course.

There are also tools available on the market, for example, phishing simulators, that can be utilised to test the effectiveness of specific training (in this case, cyber-security) and used to deploy further training where it’s needed most.

Ultimately, the key piece of information to observe when testing the effectiveness of compliance training is employee behaviour. Take a look at what your objectives were when you first began the training journey and weigh-up whether you’re seeing the sorts of behaviours you expected to see upon its completion. For example, are people using stronger passwords after having received information security training? Are people starting to speak up more after receiving whistleblowing training?

If the answer is yes, your training has been effective.

Find out more about measuring the effectiveness of your Compliance Training

Final word

Compliance training has huge benefits for organisations, from managing regulatory risk, to improving performance, and nurturing trust. We hope this article has helped our readers understand how to boost their compliance training program and get the best value from their training solution. However, if there’s anything we can help you with, please do get in touch via email or on 01509 611019. We’re a friendly bunch and would be more than happy to help.

What is Compliance Training?

Workplace compliance is more than just following the office rules. In fact, used in a business context, it usually refers to requirements, conditions or restrictions imposed and enforced by various external regulatory bodies, e.g., public organisations or government agencies.

Examples of regulatory bodies in the UK include the Financial Conduct Authority (FCA), Information Commissioner’s Office (ICO), and the Health and Safety Executive (HSE).

It’s important to know that all organisations have a legal obligation to manage regulatory risk. As such, it’s up to them to ensure they’re aware of, and have taken steps to comply with, all relevant laws and regulations – from data protection to health and safety, and any other industry-specific policies and standards.

In practice, then, not only must organisations comply with numerous regulations, but they must also know (and communicate with their staff) how to comply and what to do to maintain this compliance throughout the organisation – and that’s where compliance training comes in.

Compliance training is the way organisations educate employees about relevant laws and regulations which apply to them, and which affect their day-to-day job activities.

Why is compliance training so important?

As above, the main reason for compliance training is to ensure employees have the necessary knowledge to comply with the company’s legal obligations. Ensuring this is the case has many business benefits (it’s not just a matter of avoiding the consequences and penalties of non-compliance!), including protecting individuals and stakeholders and helping the business succeed.

For example, compliance training makes our workplaces safer. It ensures that every team-member is made aware of potential hazards (e.g., the risk of a fire or of an injury) and that everybody knows what to do to mitigate these risks and what happens in the event an incident occurs.

Compliance training helps us to complete thorough risk assessments which seek to identify and eliminate/manage hazards; it sets the standards for what is considered an acceptable or unacceptable risk to workers’ rights, health, and safety and can prevent (or punish) cases of misconduct or negligence on our behalf.

Compliance training also makes for more productive workplaces. It can serve as a powerful tool for long-term behavioural change, driving values such as fairness, consistency and vigilance – characteristics which can be leveraged in the business setting and applied elsewhere to create high-performing, motivated, and ethical teams.

Additionally, compliance training is essential when it comes to building and maintaining trust. It lays out a set of standards that everybody in the organisation agrees to adhere to, from the CEO to the intern and third-party contractors. It lets us know that our employer has a duty of care towards us and towards its customers, and means we know where to go if we feel we might be in danger (or suspect someone else may be).

Furthermore, the significance of compliance training is underlined by the kinds of topics covered – think codes of conduct, modern slavery, or equality and diversity, for example. These types of subjects lay the groundwork for the company’s culture, the way it will grow, and its decision-making processes.

A summary of the benefits of compliance training

  • Safer work environment
  • Improved business operations
  • Drives behavioural change
  • Promotes a productive, empowered workforce
  • Protection from reputational damage
  • Helps to build trust
  • Reduced risk of legal action
  • Keeps the market competitive
  • Offers customers protection and security
  • Promotes good business ethics
  • Provides means to detect and report violations
  • Helps to shape the company’s culture
  • Reduces error
  • Helps secure business insurance

Common workplace compliance training

Compliance training refers to a huge umbrella of learning and regulation materials, some of which are specialised and very industry-specific (for example, the financial industry and food industry are both highly regulated, for obvious reasons) and others which draw upon a wider audience and are beneficial to all types of organisations (say, certain types of health and safety training).

The location, sector, and day-to-day activities of any given organisation all affect what type of compliance training needs to be administered by the company.

Below we’ll take a look at some common types of compliance training and the ways they benefit businesses:

Fire Safety

Fire safety training is often included in new recruits’ company induction and perhaps the reason why is obvious: this type of training is designed to save lives, reduce injury, prevent company loss, and ensure everyone knows how to act safely in the event of a fire. Additionally, understanding basic fire-fighting techniques (e.g., choosing and operating the right fire extinguisher) can help prevent small fires spreading and becoming more problematic and dangerous.

Of course, fire safety training involves more than knowing what to do in the event of a blaze; it’s also about fire prevention techniques and best working practices. Preventing a fire from starting in the first place involves educating employees about safe use of workplace equipment and being aware of their environment. It also requires refresher training, particularly in the event something in your building changes and new fire risks are identified.

Information Security/Data Protection

Information security – and data protection in particular – became more of a hot topic than ever for businesses following the EU’s enforcement of GDPR in May 2018 (The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

Compliance training in this area focuses on the process of safeguarding information from corruption, compromise, or loss – all areas of particular concern for companies since both businesses and consumers increasingly turn to the internet for services (and the amount of data produced continues to increase exponentially).

Whilst not complying with data protection laws and neglecting to follow information security best practice can lead to data breaches and harsh penalties for organisations, compliance training in this area is about so much more than this. Rather, the training focuses on raising awareness about each person’s fundamental rights and freedoms relating to their data, and the processes organisations need to put in place to ensure they aren’t violating these rights.

Equality and Diversity

Equality and diversity are important factors that organisations need to prioritise in order to thrive and be successful. Compliance training in this area usually focuses on the employer’s responsibilities under the Equality Act 2010, what employees can expect from their employer in terms of equal opportunities, and training on what constitutes discrimination and harassment in the workplace. It may also include awareness training about unconscious bias and other forms of workplace bias employees need to know about, particularly those responsible for promotions and recruitment.

Promoting equality and diversity is good for business since, along with these components, come strength and innovation. Tapping into the power of a diverse workforce can help organisations build a competitive edge since doing so brings different perspectives, communication-styles, and problem-solving skills to the table.

It’s also very likely that your target market is made up of a diverse, non-homogenous, range of people. Employees from different cultures and backgrounds can help organisations access a wider range of consumers, ensuring their message is appropriate and appealing to all types of people with different backgrounds and beliefs.

More than this, however, who wouldn’t want to work with and for a company that promotes values such as fairness, respect, and tolerance? In this way, equality and diversity help organisations attract new and gifted talent, as well as retaining their top staff with a thriving, employee-focused company culture.

Slips and Trips

Part of health and safety compliance, training about workplace slips and trips is designed to minimise injury by mitigating the risk of falls, slips and trips whilst we’re at work. It’s true that some workplaces are more at risk for this type of injury (say, for employees working inside a busy kitchen or manufacturing plant), however, slips and trips remain among the most common causes of workplace injury for all types of industries.

This type of compliance training is popular because almost all slips and trips at work are avoidable and raising awareness about our surroundings and safety at work can help reduce the likelihood of slips and trips occurring. In turn, this helps to prevent injury, sickness leave, and possible legal action.

Compliance training is this area may focus on common causes of slips and trips, particular workplace hazards that can cause slips and trips, and best practice for cleaning floors safely.

Code of Conduct

It’s true that most of us already know right from wrong, but a code of conduct exists to spell out specific behaviours that are either required, acceptable, or prohibited within the workplace setting. As such, your code of conduct has value both as an internal compliance guideline and as an external statement of corporate values and commitments.

Every organisation can benefit from having a code of conduct because it removes any confusion that may exist around one very complex area: employee misconduct. Your code establishes standards of behaviour and lays out, in no uncertain terms, what the consequences will be for any compliance breaches. In this way, codes of conduct also provide legal protections in the case of unfair dismissal claims.

By being transparent this way – and by all members of staff adhering to the standards and processes laid out within it – your code of conduct can help build an environment of trust, and this is one of the most important characteristics of true organisational compliance. So, for businesses looking to improve or even build their compliance culture, think of your code of conduct as the very first step.

Who needs compliance training?

Everyone who is employed or who employs!

Compliance training is important for each and every member of staff. It ensures that everybody in the organisation is working from the same company roadmap and has been given the guidance and awareness training they need to work in accordance with the law and any other industry-specific regulations.

Compliance training helps organisations ensure that employees know what to do and how to do it to keep everybody safe, but it also focuses on educating employees about why doing so is important and what employees can expect from their employer under the law and company code of conduct.

Compliance training is also a useful way for employers to check that employees understand what is required of them and the ways these requirements affect their job. It helps members of staff to flourish and be productive at work by clarifying their responsibilities and boundaries, empowering them with the knowledge to work unsupervised, and reducing liability and risks for everyone in the company.

The trick, of course, is to make compliance training interesting enough so that everyone pays attention and retains what they’ve learnt, which means …

Making compliance training engaging

We can all agree that force-feeding your employees dull, legislatively focused learning-content for the sake of ticking a compliance training box is not conducive to learning, compliance, or even consciousness in some cases!

The good news is that, whilst still content-led, many digital forms of compliance training (which just so happens to be our specialty!) are now more focused on UX and design-techniques meant to enhance learner engagement and motivation, and, therefore, to instigate real behavioural change.

Design techniques

For example, what’s known in the industry as ‘immersive eLearning’, is actually a way of contextualising and adding relevance to compliance modules to bring them to life. In simple terms, immersive eLearning experiences place individuals into virtual, interactive learning environments that simulate real work-place scenarios. It’s a safe, inexpensive way for users to learn from their mistakes and for organisations to check their employee’s understanding of certain compliance measures.

Furthermore, scenario-led learning (also known as problem-based learning) combines online training with story-telling techniques, independent-thought, and analysis to encourage learners to use information and apply it to their decision-making process. As well as its obvious benefits for compliance training, scenario-led learning helps employees to cultivate critical thinking and problem-solving skills by weaving complex narratives into a media-rich, highly-visual environment.

eLearning also offers organisations the option to introduce gamified elements to compliance training, such as those found in video-games. Far from a way to dumb-down or somehow make compliance issues less-serious, gamification is a purposeful step away from the chore-like reputation that mandated training has always been stuck with.

Microlearning can also hugely reduce the amount of unnecessary content learners have to deal with when completing compliance training by offering short ‘bursts’ of knowledge about key compliance topics or to refresh prior knowledge.

Taking this concept further still, using a technique called ‘adaptive learning’ AI can be introduced to compliance training to help streamline it, presenting users with individually customised learning programs which focus on their particular compliance knowledge gaps.

Adaptive compliance training

Adaptive learning works by gathering data before, during, and after the learning process and using this mined information intelligently to create optimised learning paths for each user.

Therefore, as the user continues to complete more training and take more assessments, the platform is able to identify and feed back only the content that is relevant to them, based on their performance and confidence levels.

In doing so, it will also address their unique requirements and learning preferences, presenting the type of compliance content (e.g., gamified courses, immersive learning, and so on.) that best appeals to the user, that they have engaged with well in the past, and that addresses any identified compliance knowledge gaps.

What’s more, adaptive learning can be rolled out quickly, with minimum hassle, and in direct response to any key-risk areas identified – so it’s useful for organisations that want to remain agile and responsive.

Final word

Compliance training has huge benefits for organisations, from managing regulatory risk, to improving performance, and nurturing trust. We hope this article has helped our readers understand the necessity of compliance training and its place within the modern workplace. If there’s anything we can help you with, please do get in touch via email or phone. We’re a friendly bunch and would be more than happy help.

Phishing Explained: Common Types of Phishing you Need to Know About

Phishing is a type of cyber-crime, in fact it’s one of the most common types of cyber-crime organisations encounter, costing, on average, just under £3M per successful attack.

Phishing works by targeting individuals, or entire organisations, via email, telephone, or text message and posing as a legitimate person/business requesting users to click on links to perform some type of action.

Phishing attacks often ask users to ‘confirm’ and share personal data such as passwords or credit card information, but the links contained in these types of attacks can also download malicious software, such as ransomware, onto the unsuspecting users’ computer.

Common features of phishing

Depending on how sophisticated the scammer is, phishing can take many forms and appear to be from a myriad of legitimate-looking senders. However, there are common characteristics to look out for when spotting phishing attacks:

  • Congratulations! – Often phishing scams are wrapped up the disguise of a lucrative deal or offer intended to grab people’s attention and make them feel excited and/or lucky. You may have ‘won’ a competition or else be offered the chance to invest in a wonderful (but totally fictitious) product. Remember, if it seems too-good-to-be-true, it probably is.
  • Urgency – Phishing scammers don’t want to give you time to think, it’s one of the reasons people at work are more likely to fall for these types of attack – their thoughts are on other important tasks. Cyber-criminals want you to act fast, so if you encounter an email pushing a sense of urgency or insisting you do something ‘immediately’, it’s best to think twice. Legitimate organisations are unlikely to give you little time to act.
  • Links – If you’ve received a message asking you to click on a hyperlink, you can hover over it to view the actual URL it points to. Double check if this URL seems legitimate (is it misspelled? Does it seem to lead to a completely different website from where the source purports to be?). When in doubt, do not click! Visit the source directly and contact their customer team.
  • Attachments – if you spot an unexpected or strangely uncontextual attachment in an email, do not open and delete it immediately. Very often these files contain malware or viruses that automatically download to your device.
  • Beware the sender – Keep an eye on the sender’s name; if you recognise it, ask yourself whether the tone of the email seems unexpected or out of character. If you’re in doubt, contact the person separately and check whether the message is real. If the sender is unknown to you, it’s ok to be suspicious about why they would contact you and how they got your details. If you’re unsure, it’s always best practice to forward the email to your IT department or contact the source directly yourself.

Image

Common types of phishing to look out for

Whilst the goal of any phishing scam is to steal personal/sensitive data, there are many different types of phishing your employees should be aware of:

Email phishing

Not news to many of us, most phishing attacks are sent by email. Here, cyber-criminals register fake domains that impersonate genuine people or organisations, sending hundreds of thousands of generic requests to individuals, hoping just 1 or 2 will succeed in scamming somebody. Usually, the fake domain involves character substitution, e.g., using ‘r’ and ‘n’ next to each other to create ‘rn’ instead of ‘m’. Alternatively, the criminal may use the impersonated person or organisation’s name in part of the fake email address, hoping it will con a distracted recipient into thinking the address is legitimate.

Spear phishing

Spear phishing is a type of email phishing, but it involves targeting only one specific person or group of people (hence the ‘spear’ symbolism). Cyber-criminals who engage in spear phishing will already have some, or all, of the following information about the victim: name, workplace, job title, email address, information about their job role, social media account information and posts, friends list. This type of information-gathering is a form of social engineering and it works because it allows cyber-criminals to launch more targeted phishing attacks that look and feel more personal and therefore, more genuine. An example of spear phishing would be an email from your ‘manager’ asking you to click a link and complete a genuine-sounding task.

Whaling

Whaling attacks are an even more targeted form of email phishing and are designed to go after the ‘big fish’, e.g. senior management or the ‘C-suite’. Crafted with a solid understanding of business language/tone, whaling is a type of fraud designed to encourage victims to perform a business-related action, e.g. transfer funds or file tax information. Similar to other phishing attacks, whaling is often accompanied by a sense of urgency and preys upon the fact that their target will be busy and stressed-out by the request.

Smishing and vishing

In the instance of both smishing and vishing, telephones replace emails as the vehicle of attack. Smishing involves criminals sending text messages (the content of which is much the same as with email phishing), and vishing involves a telephone conversation. A common vishing scam, for example, involves a fraudster posing as a bank or credit card representative and informing the victim that their account has been breached. The criminal will then ask the victim to provide payment card details to ‘verify’ their identity or to transfer money into a ‘secure’ account – of course, this account really belongs to the criminal.

Angler phishing

Referring to the ‘hook’ aspect of real fishing, angler phishing is a specific type of phishing attack that exists on social media. Using social platforms, attacks are launched from realistic-looking corporate social media accounts that, in actual fact, exist to post malicious URLS to cloned websites, and which propagate fake posts, tweets, and products. These accounts may also contact followers, urging them to divulge sensitive information or click links to download malware under the guise of a ‘competition’ or similar corporate marketing that mentions specific users.

How effective is your phishing awareness training? It’s easy to find out with our new phishing simulator tool! Click HERE to find out more.

How to Measure the Effectiveness of your Cyber Security Training

After spending time and effort deciding upon the right cyber-security training solutions provider, agreeing and implementing said training, and then overseeing the roll-out with employees, you’d be surprised how often businesses drop the ball when it comes to measuring the fruits of their labour.

If you don’t measure the results, though, how can you know for sure the training is working? How do you know you’re doing enough to protect your company?

The good news is, you’re reading this article! So, here are some key principles and useful tools to bear in mind when measuring the effectiveness of your cyber-security training:

Identify skills gaps

Skills gaps are deficiencies in performance caused by lack of skills for, or knowledge about, the workplace (for instance, keeping business information secure).

In the short term, the goal of training is to bridge these gaps through a series of learning interventions; the desired outcome here being the mitigation of their effect upon business performance and metrics.

In the long term, however, your training solution should seek to identify and rectify the root causes of such gaps and help to improve processes around these areas. In other words: to remove the gap from occurring in the first place.

To achieve both these long and short term goals (and to measure their progress over time) you’ll need access to information, and that’s why it’s important to …

Test your employees

Did you know that the latest cyber-attack trend data for the UK shows the majority of data breaches began with a phishing attack?

Every day 156 million phishing emails are sent and 16 million of these get through security filters into inboxes.

What’s more, 8 million phishing emails are opened and 800,000 malicious links in those emails are clicked.

80,000 recipients fall for phishing scams every. Single. Day.

One surefire way to test if your cyber-security awareness training is hitting the mark is to test it – and not only by using knowledge-based quizzes and surveys. Rather, software such as phishing simulators can be used to conduct fake phishing attacks within your company – across a range of different industries and targeting specific audiences (e.g. aimed a C-suite, aimed at finance, fake social media accounts, and so on).

By integrating tools like phishing simulators into a Learning Management System (such as the one your eLearning is hosted on) it’s easy to see campaign reports (open rates, click rates, deletion figures, etc..) and diagnose which employees require further training and reinforcement activities straight away.

Image

Up your reporting game

xAPI (or Experience API) is a file format for storing and retrieving all the data from your learning experience in the form a data-based ‘statements’. These are then stored inside a Learning Record Store (LRS) for each employee.

Using xAPI, then, it’s easy to collect and anaylse data from a whole range of learning experiences (even those carried-out outside a browser; mobile apps and so forth) and – when it comes to learning analytics – this is great news! It means we have the ability to track employee progress over time, monitor performance pre- and post-assessment, and measure engagement across entire programs of learning.

These insights build a real picture about the effectiveness of your chosen training solution and, when used alongside an intelligent learning platform, can be used to create targeted learning journeys designed to fill any gaps in knowledge and increase the training’s potency.

Check your culture

Admittedly, measuring a compliance culture seems rather difficult, but that’s not to say it’s impossible! Businesses might use anonymous surveys, for example, to measure attitudes, behaviors, and employee impressions – these answers can be very useful when it comes to giving an idea of why people continue to take risky actions (e.g. using overly-simple passwords or leaving screens unlocked) despite having had training against this.

Measuring employee impressions in this manner is useful information to have, particularly before you embark on a new cyber-security training program, as it can be used to measure behavioural change and attitudes along the way.

Insights over time, such as how employees react when observing and/or reporting cyber-security incidents, how they view the ‘tone from the top’ (i.e. management commitment) when it comes to cyber-security measures, as well as whether they feel compliance is communicated effectively and how engaging their training is, can prove invaluable when it comes to the nitty gritty of your training’s efficacy.

After all, qualitative insights from surveys can help you change behaviours and reduce risks – but it’s important to note that finding an overall quantitative cultural metric is equally important. It’s only through quantitative metrics that behavioural improvements can really be measured and sought.

Data Phishing: Everything you Need to Know to Keep Your Business’s Data safe.

The more organisations understand about how to prevent data phishing the better; after all, 4 in 10 businesses (39%) and more than a quarter of charities (26%) report having suffered cyber security breaches or attacks in the last 12 months according to a recent government survey.

Indeed, when we add-up the cost of cyber-crime to UK businesses (which, astoundingly, reached £87 billion 2015-20) and consider the phishing attack increase seen throughout the covid-19 pandemic (as if businesses didn’t have it tough enough during this time!), it’s clear that the phishing threat isn’t going away any time soon. Therefore, business leaders should act accordingly to protect their assets, brand reputation, and data.

Phishing explained

Phishing is a hacking technique where ‘bait’ – often in the form of an ‘urgent’ request for information from a seemingly trustworthy source – is emailed or texted to users.

It involves tricking the user into clicking upon false links that redirect to a fraudulent, yet convincing-looking, website. The fake site captures any personal data you enter, which the hacker can then use to log into your actual account.

By and large, phishing emails are mass-sent to thousands of recipients at random, in the hope that at least one or two people will fall for the trick (maybe they’re busy and distracted at work, for example, a very good reason to refresh phishing awareness training regularly!).

A similar, yet more targeted, scam known as ‘spear phishing’ is slightly more artful. Spear phishing is designed to target a specific individual, often inside a particular organisation that hackers have chosen to infiltrate, and it often involves differing levels of social engineering to craft targeted attacks. Find out more about common types of phishing attack here.

Image

Phishing and social media

Phishing might also occur across social media channels, and this isn’t something businesses should overlook. After all, many members of staff use personal social media accounts during their break time or on their phone at work, and most organisations have professional social media accounts set-up to share company updates.

Hacked-accounts on social media might share links via a status update or private message – a method of phishing that’s highly effective since users are more likely to trust links sent from people they know.

Another common phishing tactic on social media is fraudulent customer-service representatives or ‘help desks’ asking users to verify their identity, or claiming users’ accounts are under attack and must be reset in some way. Of course, this always involves users sharing their login information with the fraudster.

In both these cases, people that re-use social media passwords for things like email accounts, work PCs, and online banking could find themselves in serious trouble if they fall for the con.

Data Phishing Prevention

Whatever platform hackers use, phishing messages usually incite curiosity or panic to bait vulnerable users. You can educate employees to avoid these sorts of phishing panic-attacks by offering regular cyber-security awareness training (including social media awareness training) designed to keep users alert and always wary of the messages they receive.

Using a phishing simulator tool can also test how effective your cyber-security training is by putting employees to the test with regular phishing simulation emails.

Designed to keep awareness levels high and offer additional phishing training to those who need it (i.e., those who don’t pass the test), phishing simulators can boost your organisation’s information security program and allow security professionals to monitor vulnerabilities.