Reducing risk demands effective training
Firms are waking up to the fact that you cannot reduce the risks your organisation faces by simply providing eLearning that ticks the boxes.
We’re working with smart companies, who are no longer giving their employees repeated hours of mandatory training. That was the old world.
In the new world of risk reduction:
- Effectiveness is the only measure
- Behaviour change is what is important
- Training is relevant, delivered at the right time and at the point of need
- Training is driven by risk
- The needs of employees are at the heart of it
Your people are your greatest asset. And your biggest liability.
Even though many businesses spend considerable sums on cyber security, phishing scams continue to thrive. The reason is simple: Cyber criminals probably won’t hack firewalls when all they need is a vulnerable employee. The fundamental reason I see for why enterprise security fails against advanced cyber attacks is not lack of competency but lack of awareness training and policy-setting among employees.
Data privacy – GDPR
And whilst most companies are GDPR compliant, they fail to realise that GDPR is a process not an end point. It only takes the oversight of one employee and you could have a data breach on your hands with expensive consequences both financially and in terms of reputation.
Ethics & Compliance – Business Integrity
We take a behavioural approach to compliance communications and training. That means we try to work with how people actually are, not how we’d like them to be.
We’re realistic about the fact that employees are busy, distracted, and overwhelmed with day-to-day tasks. And we recognise that even when employees want to do the right thing, they often don’t. Not because they’re bad people, but because they simply forget or rationalise it in the moment. Context is everything.
Compliance is about doing the right thing, not just knowing about it. So traditional eLearning alone is not the answer. Culture only changes when managers and employees are driving the conversation – not the Compliance function.
What we do >>