Handling a hack: Data security elearning

Posted on Nov 11, 2015

Elearning

In a connected world where data is one of the most precious resources for any business, cyber-attacks are becoming more common.

From major government leaks to hackers targeting corporations, all L&D departments should be helping to prepare for a potential data breach.

We’re focusing on the strategies that you can put in place to ensure the best performance of your staff, from frontline to management, before and immediately after a hack.

Preparation

There are many types of cyber security breaches.  The highest profile examples tend to be outside agents attacking or stealing secure data, but perhaps more common are simple lapses in protocol or mistakes in securing data.

There’s no one-size-fits-all approach to dealing with an area as big as cyber security so being able to offer a cost-effective, versatile approach is key.

Elearning has the flexibility to make preparation for a hack easier and more effective.

Types of elearning that will help:

  • Induction

During induction or onboarding you can build a sense of loyalty and responsibility in your staff, a culture of accountability. Many security breaches come from an inside source either willingly giving up information or accidentally losing important hardware.

With a good induction programme in place you can encourage new starters to take data security seriously. It’s also an opportunity to explain what data the company stores, how important it is and what precautions are taken to protect it.

We have lots of information on how induction can reinforce a culture of responsibility. Find out more on our induction page.

  • Compliance

The basic groundwork for knowledge around a data breach is usually dealt with by compliance training. Compliance elearning can give your employees the general knowledge they need to quickly get up to speed on the specifics of an event.

There is an argument that everyone in the business should have a good basic understanding of the data that is held in the company and what the regulations are around protecting that data. Elearning makes it easier to deliver this message consistently.

Consider updating your compliance elearning regularly by having an easily editable course which presents the latest information.

Having bespoke compliance elearning around data security allows you to give specific, relatable examples to your staff which will be key to helping them understand the unique data situation of your business.

  • Soft skills

If you have customer facing staff they will have been trained on handling customer’s concerns and often the basics of data protection too. This should provide a good grounding for dealing with general enquiries.

It’s not just customer facing staff who will be dealing with an extraordinary situation. Intermediate management will also need to be primed with the skills they need to support frontline workers.

Any crisis in a business can reveal gaps in the skills or knowledge of employees so it’s important to take any opportunity to prepare for these situations.

  • Simulation and serious games

Experiencing a crisis before it happens, with the ability to make mistakes without fear of doing any damage, is an effective way to prepare staff.

Real world events can be simulated within software to allow employees to understand the consequences and the possible outcomes. This type of elearning can incorporate many levels of employees and even external factors like social media and press can be reproduced to add realism.

After a breach

Experian’s data breach response guide (PDF) lays out how to set up a plan for dealing with the various stages of a data security breach. Naturally, creating a plan and preparing for a potential breach is a big part of the guide.

Most experts agree that being open and honest about the breach as quickly as possible is the best tactic to limit damage to a company’s reputation. In order to get the correct information out to the people who need it staff will need to be informed about the specific circumstances as well as the fundamental issues.

A responsive, easy to update elearning module can be one of the most effective ways to get the message out.

There are ways that elearning is especially useful when dealing with situations like this:

  • Just in time learning

By getting the information out quickly and updated regularly, with a suitable LMS (Learning Management System) acting as the foundation, you can quickly disseminate information to all your staff.

Leading figures will need to know the information that frontline staff are passing out to the customers. If the same training course can be accessed online by top level managers they can get a clear idea of what the customers are going to be told.

Communicating clearly and consistently is one of the best ways to limit potential reputational damage and elearning is one of the best ways to keep everyone on the same page. Not only can you have one course for everyone to access, it can be tailored to individual needs.

With the tracking built into an LMS, you can tell who has taken the training and remind anyone who hasn’t to take the course, ensuring that the latest information reaches everyone who needs to see it.

  • Video

Sometimes the best way to get information across quickly is to talk to your employees. If you can’t do that face-to-face then video could be the next best option.

Distributing video is as easy as adding it to your LMS or putting it into a new course.  Any video that is aimed at the customers can also be made available to staff in the same place.

If your business relies on customer data (and most do) your staff should be in a position to answer questions on what happens if a breach takes place.  A bespoke elearning solution can help prepare staff in the event of a breach and help them deal with the aftermath.

We produced our own cyber security module as an example of how multi-device elearning can help your organisation prepare stay cyber safe.  Follow the link to request access to the demo or contact us using the button below to discuss your cyber security training needs.

Ask an expert

Jason Plunkett, Senior Solutions Advisor, Sponge

Working with large, global organisations, Jason advises on appropriate learning technologies that match specific needs and challenges.

He specialises in the pharmaceutical and healthcare sector as well as cyber security and data protection issues.

Contact

You may also be interested in