What is Compliance Training?

Workplace compliance is more than just following the office rules. In fact, used in a business context, it usually refers to requirements, conditions or restrictions imposed and enforced by various external regulatory bodies, e.g., public organisations or government agencies.

Examples of regulatory bodies in the UK include the Financial Conduct Authority (FCA), Information Commissioner’s Office (ICO), and the Health and Safety Executive (HSE).

It’s important to know that all organisations have a legal obligation to manage regulatory risk. As such, it’s up to them to ensure they’re aware of, and have taken steps to comply with, all relevant laws and regulations – from data protection to health and safety, and any other industry-specific policies and standards.

In practice, then, not only must organisations comply with numerous regulations, but they must also know (and communicate with their staff) how to comply and what to do to maintain this compliance throughout the organisation – and that’s where compliance training comes in.

Compliance training is the way organisations educate employees about relevant laws and regulations which apply to them, and which affect their day-to-day job activities.

Why is compliance training so important?

As above, the main reason for compliance training is to ensure employees have the necessary knowledge to comply with the company’s legal obligations. Ensuring this is the case has many business benefits (it’s not just a matter of avoiding the consequences and penalties of non-compliance!), including protecting individuals and stakeholders and helping the business succeed.

For example, compliance training makes our workplaces safer. It ensures that every team-member is made aware of potential hazards (e.g., the risk of a fire or of an injury) and that everybody knows what to do to mitigate these risks and what happens in the event an incident occurs.

Compliance training helps us to complete thorough risk assessments which seek to identify and eliminate/manage hazards; it sets the standards for what is considered an acceptable or unacceptable risk to workers’ rights, health, and safety and can prevent (or punish) cases of misconduct or negligence on our behalf.

Compliance training also makes for more productive workplaces. It can serve as a powerful tool for long-term behavioural change, driving values such as fairness, consistency and vigilance – characteristics which can be leveraged in the business setting and applied elsewhere to create high-performing, motivated, and ethical teams.

Additionally, compliance training is essential when it comes to building and maintaining trust. It lays out a set of standards that everybody in the organisation agrees to adhere to, from the CEO to the intern and third-party contractors. It lets us know that our employer has a duty of care towards us and towards its customers, and means we know where to go if we feel we might be in danger (or suspect someone else may be).

Furthermore, the significance of compliance training is underlined by the kinds of topics covered – think codes of conduct, modern slavery, or equality and diversity, for example. These types of subjects lay the groundwork for the company’s culture, the way it will grow, and its decision-making processes.

A summary of the benefits of compliance training

  • Safer work environment
  • Improved business operations
  • Drives behavioural change
  • Promotes a productive, empowered workforce
  • Protection from reputational damage
  • Helps to build trust
  • Reduced risk of legal action
  • Keeps the market competitive
  • Offers customers protection and security
  • Promotes good business ethics
  • Provides means to detect and report violations
  • Helps to shape the company’s culture
  • Reduces error
  • Helps secure business insurance

Common workplace compliance training

Compliance training refers to a huge umbrella of learning and regulation materials, some of which are specialised and very industry-specific (for example, the financial industry and food industry are both highly regulated, for obvious reasons) and others which draw upon a wider audience and are beneficial to all types of organisations (say, certain types of health and safety training).

The location, sector, and day-to-day activities of any given organisation all affect what type of compliance training needs to be administered by the company.

Below we’ll take a look at some common types of compliance training and the ways they benefit businesses:

Fire Safety

Fire safety training is often included in new recruits’ company induction and perhaps the reason why is obvious: this type of training is designed to save lives, reduce injury, prevent company loss, and ensure everyone knows how to act safely in the event of a fire. Additionally, understanding basic fire-fighting techniques (e.g., choosing and operating the right fire extinguisher) can help prevent small fires spreading and becoming more problematic and dangerous.

Of course, fire safety training involves more than knowing what to do in the event of a blaze; it’s also about fire prevention techniques and best working practices. Preventing a fire from starting in the first place involves educating employees about safe use of workplace equipment and being aware of their environment. It also requires refresher training, particularly in the event something in your building changes and new fire risks are identified.

Information Security/Data Protection

Information security – and data protection in particular – became more of a hot topic than ever for businesses following the EU’s enforcement of GDPR in May 2018 (The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

Compliance training in this area focuses on the process of safeguarding information from corruption, compromise, or loss – all areas of particular concern for companies since both businesses and consumers increasingly turn to the internet for services (and the amount of data produced continues to increase exponentially).

Whilst not complying with data protection laws and neglecting to follow information security best practice can lead to data breaches and harsh penalties for organisations, compliance training in this area is about so much more than this. Rather, the training focuses on raising awareness about each person’s fundamental rights and freedoms relating to their data, and the processes organisations need to put in place to ensure they aren’t violating these rights.

Equality and Diversity

Equality and diversity are important factors that organisations need to prioritise in order to thrive and be successful. Compliance training in this area usually focuses on the employer’s responsibilities under the Equality Act 2010, what employees can expect from their employer in terms of equal opportunities, and training on what constitutes discrimination and harassment in the workplace. It may also include awareness training about unconscious bias and other forms of workplace bias employees need to know about, particularly those responsible for promotions and recruitment.

Promoting equality and diversity is good for business since, along with these components, come strength and innovation. Tapping into the power of a diverse workforce can help organisations build a competitive edge since doing so brings different perspectives, communication-styles, and problem-solving skills to the table.

It’s also very likely that your target market is made up of a diverse, non-homogenous, range of people. Employees from different cultures and backgrounds can help organisations access a wider range of consumers, ensuring their message is appropriate and appealing to all types of people with different backgrounds and beliefs.

More than this, however, who wouldn’t want to work with and for a company that promotes values such as fairness, respect, and tolerance? In this way, equality and diversity help organisations attract new and gifted talent, as well as retaining their top staff with a thriving, employee-focused company culture.

Slips and Trips

Part of health and safety compliance, training about workplace slips and trips is designed to minimise injury by mitigating the risk of falls, slips and trips whilst we’re at work. It’s true that some workplaces are more at risk for this type of injury (say, for employees working inside a busy kitchen or manufacturing plant), however, slips and trips remain among the most common causes of workplace injury for all types of industries.

This type of compliance training is popular because almost all slips and trips at work are avoidable and raising awareness about our surroundings and safety at work can help reduce the likelihood of slips and trips occurring. In turn, this helps to prevent injury, sickness leave, and possible legal action.

Compliance training is this area may focus on common causes of slips and trips, particular workplace hazards that can cause slips and trips, and best practice for cleaning floors safely.

Code of Conduct

It’s true that most of us already know right from wrong, but a code of conduct exists to spell out specific behaviours that are either required, acceptable, or prohibited within the workplace setting. As such, your code of conduct has value both as an internal compliance guideline and as an external statement of corporate values and commitments.

Every organisation can benefit from having a code of conduct because it removes any confusion that may exist around one very complex area: employee misconduct. Your code establishes standards of behaviour and lays out, in no uncertain terms, what the consequences will be for any compliance breaches. In this way, codes of conduct also provide legal protections in the case of unfair dismissal claims.

By being transparent this way – and by all members of staff adhering to the standards and processes laid out within it – your code of conduct can help build an environment of trust, and this is one of the most important characteristics of true organisational compliance. So, for businesses looking to improve or even build their compliance culture, think of your code of conduct as the very first step.

Who needs compliance training?

Everyone who is employed or who employs!

Compliance training is important for each and every member of staff. It ensures that everybody in the organisation is working from the same company roadmap and has been given the guidance and awareness training they need to work in accordance with the law and any other industry-specific regulations.

Compliance training helps organisations ensure that employees know what to do and how to do it to keep everybody safe, but it also focuses on educating employees about why doing so is important and what employees can expect from their employer under the law and company code of conduct.

Compliance training is also a useful way for employers to check that employees understand what is required of them and the ways these requirements affect their job. It helps members of staff to flourish and be productive at work by clarifying their responsibilities and boundaries, empowering them with the knowledge to work unsupervised, and reducing liability and risks for everyone in the company.

The trick, of course, is to make compliance training interesting enough so that everyone pays attention and retains what they’ve learnt, which means …

Making compliance training engaging

We can all agree that force-feeding your employees dull, legislatively focused learning-content for the sake of ticking a compliance training box is not conducive to learning, compliance, or even consciousness in some cases!

The good news is that, whilst still content-led, many digital forms of compliance training (which just so happens to be our specialty!) are now more focused on UX and design-techniques meant to enhance learner engagement and motivation, and, therefore, to instigate real behavioural change.

Design techniques

For example, what’s known in the industry as ‘immersive eLearning’, is actually a way of contextualising and adding relevance to compliance modules to bring them to life. In simple terms, immersive eLearning experiences place individuals into virtual, interactive learning environments that simulate real work-place scenarios. It’s a safe, inexpensive way for users to learn from their mistakes and for organisations to check their employee’s understanding of certain compliance measures.

Furthermore, scenario-led learning (also known as problem-based learning) combines online training with story-telling techniques, independent-thought, and analysis to encourage learners to use information and apply it to their decision-making process. As well as its obvious benefits for compliance training, scenario-led learning helps employees to cultivate critical thinking and problem-solving skills by weaving complex narratives into a media-rich, highly-visual environment.

eLearning also offers organisations the option to introduce gamified elements to compliance training, such as those found in video-games. Far from a way to dumb-down or somehow make compliance issues less-serious, gamification is a purposeful step away from the chore-like reputation that mandated training has always been stuck with.

Microlearning can also hugely reduce the amount of unnecessary content learners have to deal with when completing compliance training by offering short ‘bursts’ of knowledge about key compliance topics or to refresh prior knowledge.

Taking this concept further still, using a technique called ‘adaptive learning’ AI can be introduced to compliance training to help streamline it, presenting users with individually customised learning programs which focus on their particular compliance knowledge gaps.

Adaptive compliance training

Adaptive learning works by gathering data before, during, and after the learning process and using this mined information intelligently to create optimised learning paths for each user.

Therefore, as the user continues to complete more training and take more assessments, the platform is able to identify and feed back only the content that is relevant to them, based on their performance and confidence levels.

In doing so, it will also address their unique requirements and learning preferences, presenting the type of compliance content (e.g., gamified courses, immersive learning, and so on.) that best appeals to the user, that they have engaged with well in the past, and that addresses any identified compliance knowledge gaps.

What’s more, adaptive learning can be rolled out quickly, with minimum hassle, and in direct response to any key-risk areas identified – so it’s useful for organisations that want to remain agile and responsive.

Final word

Compliance training has huge benefits for organisations, from managing regulatory risk, to improving performance, and nurturing trust. We hope this article has helped our readers understand the necessity of compliance training and its place within the modern workplace. If there’s anything we can help you with, please do get in touch via email or phone. We’re a friendly bunch and would be more than happy help.

Phishing Explained: Common Types of Phishing you Need to Know About

Phishing is a type of cyber-crime, in fact it’s one of the most common types of cyber-crime organisations encounter, costing, on average, just under £3M per successful attack.

Phishing works by targeting individuals, or entire organisations, via email, telephone, or text message and posing as a legitimate person/business requesting users to click on links to perform some type of action.

Phishing attacks often ask users to ‘confirm’ and share personal data such as passwords or credit card information, but the links contained in these types of attacks can also download malicious software, such as ransomware, onto the unsuspecting users’ computer.

Common features of phishing

Depending on how sophisticated the scammer is, phishing can take many forms and appear to be from a myriad of legitimate-looking senders. However, there are common characteristics to look out for when spotting phishing attacks:

  • Congratulations! – Often phishing scams are wrapped up the disguise of a lucrative deal or offer intended to grab people’s attention and make them feel excited and/or lucky. You may have ‘won’ a competition or else be offered the chance to invest in a wonderful (but totally fictitious) product. Remember, if it seems too-good-to-be-true, it probably is.
  • Urgency – Phishing scammers don’t want to give you time to think, it’s one of the reasons people at work are more likely to fall for these types of attack – their thoughts are on other important tasks. Cyber-criminals want you to act fast, so if you encounter an email pushing a sense of urgency or insisting you do something ‘immediately’, it’s best to think twice. Legitimate organisations are unlikely to give you little time to act.
  • Links – If you’ve received a message asking you to click on a hyperlink, you can hover over it to view the actual URL it points to. Double check if this URL seems legitimate (is it misspelled? Does it seem to lead to a completely different website from where the source purports to be?). When in doubt, do not click! Visit the source directly and contact their customer team.
  • Attachments – if you spot an unexpected or strangely uncontextual attachment in an email, do not open and delete it immediately. Very often these files contain malware or viruses that automatically download to your device.
  • Beware the sender – Keep an eye on the sender’s name; if you recognise it, ask yourself whether the tone of the email seems unexpected or out of character. If you’re in doubt, contact the person separately and check whether the message is real. If the sender is unknown to you, it’s ok to be suspicious about why they would contact you and how they got your details. If you’re unsure, it’s always best practice to forward the email to your IT department or contact the source directly yourself.

Image

Common types of phishing to look out for

Whilst the goal of any phishing scam is to steal personal/sensitive data, there are many different types of phishing your employees should be aware of:

Email phishing

Not news to many of us, most phishing attacks are sent by email. Here, cyber-criminals register fake domains that impersonate genuine people or organisations, sending hundreds of thousands of generic requests to individuals, hoping just 1 or 2 will succeed in scamming somebody. Usually, the fake domain involves character substitution, e.g., using ‘r’ and ‘n’ next to each other to create ‘rn’ instead of ‘m’. Alternatively, the criminal may use the impersonated person or organisation’s name in part of the fake email address, hoping it will con a distracted recipient into thinking the address is legitimate.

Spear phishing

Spear phishing is a type of email phishing, but it involves targeting only one specific person or group of people (hence the ‘spear’ symbolism). Cyber-criminals who engage in spear phishing will already have some, or all, of the following information about the victim: name, workplace, job title, email address, information about their job role, social media account information and posts, friends list. This type of information-gathering is a form of social engineering and it works because it allows cyber-criminals to launch more targeted phishing attacks that look and feel more personal and therefore, more genuine. An example of spear phishing would be an email from your ‘manager’ asking you to click a link and complete a genuine-sounding task.

Whaling

Whaling attacks are an even more targeted form of email phishing and are designed to go after the ‘big fish’, e.g. senior management or the ‘C-suite’. Crafted with a solid understanding of business language/tone, whaling is a type of fraud designed to encourage victims to perform a business-related action, e.g. transfer funds or file tax information. Similar to other phishing attacks, whaling is often accompanied by a sense of urgency and preys upon the fact that their target will be busy and stressed-out by the request.

Smishing and vishing

In the instance of both smishing and vishing, telephones replace emails as the vehicle of attack. Smishing involves criminals sending text messages (the content of which is much the same as with email phishing), and vishing involves a telephone conversation. A common vishing scam, for example, involves a fraudster posing as a bank or credit card representative and informing the victim that their account has been breached. The criminal will then ask the victim to provide payment card details to ‘verify’ their identity or to transfer money into a ‘secure’ account – of course, this account really belongs to the criminal.

Angler phishing

Referring to the ‘hook’ aspect of real fishing, angler phishing is a specific type of phishing attack that exists on social media. Using social platforms, attacks are launched from realistic-looking corporate social media accounts that, in actual fact, exist to post malicious URLS to cloned websites, and which propagate fake posts, tweets, and products. These accounts may also contact followers, urging them to divulge sensitive information or click links to download malware under the guise of a ‘competition’ or similar corporate marketing that mentions specific users.

How effective is your phishing awareness training? It’s easy to find out with our new phishing simulator tool! Click HERE to find out more.

How to Measure the Effectiveness of your Cyber Security Training

After spending time and effort deciding upon the right cyber-security training solutions provider, agreeing and implementing said training, and then overseeing the roll-out with employees, you’d be surprised how often businesses drop the ball when it comes to measuring the fruits of their labour.

If you don’t measure the results, though, how can you know for sure the training is working? How do you know you’re doing enough to protect your company?

The good news is, you’re reading this article! So, here are some key principles and useful tools to bear in mind when measuring the effectiveness of your cyber-security training:

Identify skills gaps

Skills gaps are deficiencies in performance caused by lack of skills for, or knowledge about, the workplace (for instance, keeping business information secure).

In the short term, the goal of training is to bridge these gaps through a series of learning interventions; the desired outcome here being the mitigation of their effect upon business performance and metrics.

In the long term, however, your training solution should seek to identify and rectify the root causes of such gaps and help to improve processes around these areas. In other words: to remove the gap from occurring in the first place.

To achieve both these long and short term goals (and to measure their progress over time) you’ll need access to information, and that’s why it’s important to …

Test your employees

Did you know that the latest cyber-attack trend data for the UK shows the majority of data breaches began with a phishing attack?

Every day 156 million phishing emails are sent and 16 million of these get through security filters into inboxes.

What’s more, 8 million phishing emails are opened and 800,000 malicious links in those emails are clicked.

80,000 recipients fall for phishing scams every. Single. Day.

One surefire way to test if your cyber-security awareness training is hitting the mark is to test it – and not only by using knowledge-based quizzes and surveys. Rather, software such as phishing simulators can be used to conduct fake phishing attacks within your company – across a range of different industries and targeting specific audiences (e.g. aimed a C-suite, aimed at finance, fake social media accounts, and so on).

By integrating tools like phishing simulators into a Learning Management System (such as the one your eLearning is hosted on) it’s easy to see campaign reports (open rates, click rates, deletion figures, etc..) and diagnose which employees require further training and reinforcement activities straight away.

Image

Up your reporting game

xAPI (or Experience API) is a file format for storing and retrieving all the data from your learning experience in the form a data-based ‘statements’. These are then stored inside a Learning Record Store (LRS) for each employee.

Using xAPI, then, it’s easy to collect and anaylse data from a whole range of learning experiences (even those carried-out outside a browser; mobile apps and so forth) and – when it comes to learning analytics – this is great news! It means we have the ability to track employee progress over time, monitor performance pre- and post-assessment, and measure engagement across entire programs of learning.

These insights build a real picture about the effectiveness of your chosen training solution and, when used alongside an intelligent learning platform, can be used to create targeted learning journeys designed to fill any gaps in knowledge and increase the training’s potency.

Check your culture

Admittedly, measuring a compliance culture seems rather difficult, but that’s not to say it’s impossible! Businesses might use anonymous surveys, for example, to measure attitudes, behaviors, and employee impressions – these answers can be very useful when it comes to giving an idea of why people continue to take risky actions (e.g. using overly-simple passwords or leaving screens unlocked) despite having had training against this.

Measuring employee impressions in this manner is useful information to have, particularly before you embark on a new cyber-security training program, as it can be used to measure behavioural change and attitudes along the way.

Insights over time, such as how employees react when observing and/or reporting cyber-security incidents, how they view the ‘tone from the top’ (i.e. management commitment) when it comes to cyber-security measures, as well as whether they feel compliance is communicated effectively and how engaging their training is, can prove invaluable when it comes to the nitty gritty of your training’s efficacy.

After all, qualitative insights from surveys can help you change behaviours and reduce risks – but it’s important to note that finding an overall quantitative cultural metric is equally important. It’s only through quantitative metrics that behavioural improvements can really be measured and sought.

Data Phishing: Everything you Need to Know to Keep Your Business’s Data safe.

The more organisations understand about how to prevent data phishing the better; after all, 4 in 10 businesses (39%) and more than a quarter of charities (26%) report having suffered cyber security breaches or attacks in the last 12 months according to a recent government survey.

Indeed, when we add-up the cost of cyber-crime to UK businesses (which, astoundingly, reached £87 billion 2015-20) and consider the phishing attack increase seen throughout the covid-19 pandemic (as if businesses didn’t have it tough enough during this time!), it’s clear that the phishing threat isn’t going away any time soon. Therefore, business leaders should act accordingly to protect their assets, brand reputation, and data.

Phishing explained

Phishing is a hacking technique where ‘bait’ – often in the form of an ‘urgent’ request for information from a seemingly trustworthy source – is emailed or texted to users.

It involves tricking the user into clicking upon false links that redirect to a fraudulent, yet convincing-looking, website. The fake site captures any personal data you enter, which the hacker can then use to log into your actual account.

By and large, phishing emails are mass-sent to thousands of recipients at random, in the hope that at least one or two people will fall for the trick (maybe they’re busy and distracted at work, for example, a very good reason to refresh phishing awareness training regularly!).

A similar, yet more targeted, scam known as ‘spear phishing’ is slightly more artful. Spear phishing is designed to target a specific individual, often inside a particular organisation that hackers have chosen to infiltrate, and it often involves differing levels of social engineering to craft targeted attacks. Find out more about common types of phishing attack here.

Image

Phishing and social media

Phishing might also occur across social media channels, and this isn’t something businesses should overlook. After all, many members of staff use personal social media accounts during their break time or on their phone at work, and most organisations have professional social media accounts set-up to share company updates.

Hacked-accounts on social media might share links via a status update or private message – a method of phishing that’s highly effective since users are more likely to trust links sent from people they know.

Another common phishing tactic on social media is fraudulent customer-service representatives or ‘help desks’ asking users to verify their identity, or claiming users’ accounts are under attack and must be reset in some way. Of course, this always involves users sharing their login information with the fraudster.

In both these cases, people that re-use social media passwords for things like email accounts, work PCs, and online banking could find themselves in serious trouble if they fall for the con.

Data Phishing Prevention

Whatever platform hackers use, phishing messages usually incite curiosity or panic to bait vulnerable users. You can educate employees to avoid these sorts of phishing panic-attacks by offering regular cyber-security awareness training (including social media awareness training) designed to keep users alert and always wary of the messages they receive.

Using a phishing simulator tool can also test how effective your cyber-security training is by putting employees to the test with regular phishing simulation emails.

Designed to keep awareness levels high and offer additional phishing training to those who need it (i.e., those who don’t pass the test), phishing simulators can boost your organisation’s information security program and allow security professionals to monitor vulnerabilities.

Hybrid Working – Reducing the Risks of Cyber Attacks

Since the start of the COVID19 pandemic, it is estimated that cybercrime has skyrocketed by 300%. A major factor contributing to the increase in cybercrime is the rise of remote working.

Currently, many businesses continue to work remotely with one in three UK workers currently based exclusively at home. It is a trend expected to continue this year with hybrid working expected to become the norm. With the changing world of work, cybercriminals will continue to exploit human error and target vulnerabilities in systems – no matter where your employees work from.

Red Flags to Look Out For

Cybercriminals use sophisticated tricks and techniques to target and illegally access businesses’ confidential data. Be it phishing, ransomware or social engineering. To beat cybercriminals and ensure cyber safety and information security in the hybrid workplace, let’s look at some of the common red flags of modern social engineering and cyber attacks:

  • Suspicious links or downloads: Avoid clicking on links in emails that you receive from people you don’t know. Take the time to inspect the sender information and whether the email source is genuine. If in doubt, always best to not click or download.
  • Signs of urgency: Many attacks are designed to force the user into taking action promptly. For instance, it could be an email on an outstanding invoice yet to be paid or taking action on an external account to prevent disruption to service.
  • Requesting sensitive information: Such as bank details or national insurance number for tax purposes. Any legitimate organisation will always call you directly if they gather sensitive information.
  • Posing as public or government bodies: Many individuals and businesses report being contacted by public or government bodies. Such as tax refunds from the HMRC, email attachments from the World Health Organisation (WHO) and even bitcoin donations to help fight the coronavirus. These are scare tactics aimed at giving up work or personal email details.

Reducing the Risks

We are strong believers in prevention is better than cure. The best way to reduce the risks of cyberattacks is to invest time and resource in keeping your systems secure and ensuring that your employees are aware of the cyber threats facing your business. The level of threat remains the same irrespective of whether they work from the home or from the office. But in a hybrid working set up, the chances of human error can go up as seen during the COVID19 pandemic. It’s vital for businesses to recognise the risks and take proactive measures to keep their business prepared as they move to a hybrid working model.

Keeping Systems Secure

Most cyber-attacks aim to target organisations with outdated computers and systems which haven’t had the critical security updates or patches installed in a long time. With a lack of security, hackers can easily gain access to business networks and systems. They may also use ransomware to resort to blackmail to hand-back control of systems and databases.

Keeping systems up to date, especially when working remotely, is the first line of defence against cyber-attacks. Make sure you have invested in a reliable IT team and systems which can protect your devices and networks from viruses and hackers. Antivirus software is a cybersecurity cornerstone that can protect against various malware by providing security features such as firewall, spam filters, real-time scanning and security reports, among other things.

Implementing a Cybersecurity Policy

An efficient, company-wide cybersecurity policy can help organisations outline the best practice for their employees to follow while hybrid working and ensure they are taking the necessary steps to keep business information secure. A comprehensive cybersecurity policy is essential for driving the message from the top and raising awareness amongst your employees. Make sure the cybersecurity policy covers:

  • The importance of cybersecurity
  • Recognising cyber threats such as phishing and ransomware
  • Installing security updates and patches
  • Keeping computers and devices secure when not in use
  • Effective password management
  • Using email and the Internet securely

Investing in Awareness Training

Many experts recognise cybersecurity awareness training as a key priority in a hybrid working world. Many cyberattacks are often attributed to employees inadvertently creating an entry-point to the systems that cybercriminals could take advantage of. It all comes down to a lack of awareness which can put your employees at risk of making errors in judgement, resulting in information security breaches, company downtime, or financial loss. Educating staff reduces the likelihood of successful cyber and social engineering attacks. Make sure your awareness training program is capable of rolling out effective learning interventions over a number of years – after all learner engagement and knowledge retention are the key ingredients in ensuring effective awareness training and return on investment.

As specialists in awareness training, we can support your business with our online training solutions for cybersecurity and information security. Visit our Information Security collection page to find out more.

What is Adaptive Learning?

What is Adaptive Learning?

Adaptive learning (sometimes called adaptive teaching, adaptive instruction, or intelligent tutoring) is an educational method which uses artificial intelligence (AI) to present users with individually customised learning programs.

Adaptive learning works by gathering data before, during, and after the learning process and using this mined information intelligently to create optimised learning paths for each user.

Therefore, as the user continues to complete more training and take more assessments, the platform is able to identify and feed back only the content that is relevant to them, based off their performance and confidence levels. In doing so, it will also address their unique requirements and learning preferences, presenting the type of content (e.g., gamified courses, immersive learning, and so on.) that best appeals to the user and that they have engaged with well in the past.

In other words, adaptive learning platforms can automatically and intelligently determine which learning content, activities, and techniques will benefit the learner most and provide the best learning results.

Business benefits of adaptive learning

Adaptive learning is being increasingly used by businesses for mandatory corporate training – particularly that which, in the past, may have seen lower engagement or retention levels from employees. After all, it can feel frustrating to go over old learning content that you already know when you have a job to do!

It’s easy to see how adaptive learning can save time by allowing learners to bypass information they already have a clear understanding of and by presenting only the information necessary to become more competent or to upskill them.

Ease of use

Adaptive learning happens automatically and with minimum human intervention, so it’s a great tool for Learning and Development Managers to utilise as it affords them more time to focus on their goals and the success of their employees.

What’s more, adaptive learning can be rolled out quickly, with minimum hassle, and in direct response to any key-risk areas identified – so it’s useful for organisations that want to remain agile and responsive.

Improved knowledge retention

High engagement means higher knowledge retention and by utilising and suggesting a variety of learning styles, adaptive learning can be used to increase knowledge retention by presenting learning content in the styles that best suit the individual learner.

Additionally, it doesn’t devalue employee time by forcing them to complete unnecessary training, so adaptive learning has the added benefit of increased morale and commitment when it comes to training activities.

Increased ROI

Training is designed to add value to your business, not detract from it. Adaptive learning means you can reduce the time spent on unnecessary training and training administration, resulting in increased productivity and better informed, more motivated employees. It can also help to minimise the cost of external recruitment since members of staff progress organically, at their own pace.

To learn more about our adaptive learning product offering, please visit our Collections pages.

Exciting News! DeltaNet International joins the Marlowe PLC Group

Exciting News! DeltaNet International joins the Marlowe PLC Group

As we head forwards into 2021, we’ve got some very exciting news to share here at DeltaNet International. We have joined forces with Marlowe PLC to form its eLearning business.

Marlowe are a UK leader in business critical services and software which assure safety and regulatory compliance. The acquisition will bolster the Marlowe group’s market leading position in the UK Health and Safety market and Marlowe have made a significant and exciting investment in the future of DeltaNet International.

Speaking on the deal, our MD, Darren Hockley said:

“This acquisition is very important for our continued growth and we’re pleased to align ourselves with a well-established presence like Marlowe. Businesses are increasingly looking to work with companies that deliver a broader, more comprehensive service and collectively we can now fulfil more of their needs.

“We are proud of what we’ve achieved together since 1999 and equally excited about what lies ahead, where we are taking the company, and how we are looking after our clients. We have exciting plans for the ongoing growth of the business this year and beyond.”

We’re also pleased to congratulate Stacey Taylor on her new investment as a shareholder into the business. Our newest Board Member, Stacey currently heads up our Content Team and we’re looking towards a very bright future under her lead.

Watch this space!

Now Available – New Data Protection Collection

Check out our brand-new Data Protection Collection – the third Compliance Collection we launched this year. An innovative new approach for keeping awareness training programmes fresh, year on year.

Mitigating the Risks of Data Breaches

Last month, British Airways was fined £20M over a data breach that took place in 2018. While Marriott Hotels was fined for £18.4M for a cyberattack and resulting data breach between 2014 and 2018.

Data breaches and the resulting lapses in compliance with regulations can have a devastating impact on businesses – from a severe financial penalty to loss of customer trust and reputation. It is more important than ever to consider compliance with data protection regulations and incorporating a ‘privacy by design’ policy when it comes to processing data for business.

Awareness training is key in educating employees on the importance of data protection, the regulations that they must comply with, the rights of individuals whose data they process and mitigating the risks of data breaches.

New Data Protection Collection

Create a cost-effective bespoke training solution using our off-the-shelf products. Our Data Protection Collection offers a holistic solution covering a range of learning styles – combining detailed study, immersive learning, microlearning and toolbox talks to keep learners engaged. Also included for free are a number of communications resources which can be printed out or displayed in the workplace digitally to reinforce key messaging.

By rolling out effective learning interventions over a number of years and targeted messaging, our Collection can help boost learner engagement, promote knowledge retention and embed a culture of compliance.

Collections are designed to offer a highly flexible, easily scalable, and agile alternative to traditional online learning.

What’s New?

Detailed Study

We updated our detailed study courses to ensure that best practices on data protection are relevant for all organisations. The updated courses introduce and raise awareness on the importance of data protection regulations, including the difference between types of data, individual rights under data protection regulation and the eight principles of data protection.

Immersive Learning

We updated our immersive learning course on Preventing a Data Breach. The new course is scenario-based and highly gamified – placing the learner at the heart of the experience and testing them on their ability to make the right decisions on data protection. Raise awareness on the consequences of data breaches and the best practice to follow when handling personal data.

Diagnostic Assessment

Introducing a comprehensive diagnostic assessment that creates learning paths based on each learners’ knowledge and awareness levels. Learning paths for each topic are then designed in direct response to the needs and knowledge-gaps identified for each employee or team.

The new Diagnostic Assessment is a short quiz to measure the learner’s understanding of data protection and automatically create enrolments onto relevant core Take 5 courses. The assessment is useful for assessing individual training needs, offering valuable insight into common training gaps with targeted interventions tailored for each employee.

The Diagnostic Assessment is exclusively available for xAPI courses, utilising the auto-enrol functionality powered by our Astute LXP’s AI engine.

Microlearning

In addition to updating all of our existing microlearning courses, following are the new additions to the Collection:

Toolbox Talks

Two new Toolbox Talks designed as blended training courses for small groups or teams. Each Toolbox Talk includes downloadable facilitation notes.

Get a sneak peek at all the new courses on our Data Protection topic page or request a FREE demo. For more information on the new collection, download the Compliance Collections brochure for Data Protection.

Working with the Modern Slavery Act

This training film provides a comprehensive introduction to the UK Modern Slavery Act and what it means for businesses operating in the UK. Modern slavery happens around the world and across a range of industries, from construction, farming and domestic work to mining, manufacturing and supplied labour.