Risk mitigation: 5 creative ways to build a compliance…
2nd May 2019
In today’s corporate climate, reputation is everything – as some of the biggest names in business have learnt to their cost. Whether it’s data and cyber breaches, inadequate health & safety policies or poor workplace ethics, no one’s too big to see their reputations crash to the floor. Hefty fines have been dished out in high profile cases, but the greater loss is the damage to reputation and the knock-on effect for business.
Incidents such as these do nothing to dispel widespread public concern. In the UK, only 34% of people trust organisations with how they store and use their personal information (ICO).
The introduction of GDPR has further put the spotlight on organisations and suddenly, compliance has gone from being a box-ticking exercise to a business differentiator.
Your people are your firewall
Detailed analysis of security breaches reveals that people are the biggest vulnerability for organisations. No wonder Elizabeth Denham, the UK’s Information Commissioner, has stated: “Staff are your best defence and greatest potential weakness – regular and refresher training is a must.”
Training staff, and keeping the training up to date, should be the number one priority in transforming the weakest link into the strongest firewall. Sadly, however, many compliance training programmes are missing the mark. Research by Towards Maturity on global compliance programmes found that 56% of businesses cite user engagement and 46% identify dull and boring content as barriers to compliance training success.
With the threats constant and evolving, managing risk has never been more complex, and a fresh approach to compliance training is clearly needed.“Staff are your best defence and greatest potential weakness – regular and refresher training is a must.” Elizabeth Denham UK Information Commissioner
5 ways to transform compliance in real life
Sponge has created a game specifically to help employees spot the signs of a cyberthreat and confidently take the necessary steps to protect the business. Cybersecurity Sorted is a seriously engaging training game that turns the people working in your organisation into your first line of defence. Players learn by dealing with real-world scenarios within the game, enabling them to embed deep knowledge that they can then apply immediately in their job to keep the company safe. Using the same principles, employees can also learn about the new GDPR rules in a data protection version of the game.
The UK’s pre-eminent postal organisation, Royal Mail, is using interactive 360° VR to deliver dog safety awareness training to its postmen and women. Real life stories and scenarios are used in the immersive and experiential learning, which harnesses latest technologies in a cost-effective way.
Supermarket brand Tesco wanted to roll out a global compliance programme that was more effective, engaging and relevant to its employees than previous training. The aim was to embed compliance behaviours across the workforce. A campaign was built around bite-sized modules to make the learning more focused and memorable. The learning achieved unprecedented levels of engagement among thousands of employees in 11 countries.
Global biopharmaceutical firm AstraZeneca used digital interactive learning to embed an ethical culture into the company’s DNA. The learner-centric approach conveyed key concepts through video scenarios that prompted an emotional response in employees, regardless of where they worked in the world. Results: 90% felt very or extremely engaged with the learning and 86% felt their understanding of AstraZeneca’s values had increased or greatly increased.
From boring to brilliant … Southern Health NHS Foundation Trust used gamification to transform its compliance training for 7,500 health staff across multiple locations. Responsive elearning modules brought 13 compliance topics to life and delivered the learning to fit in with each employee’s shift patterns. The learning wasn’t just engaging, it also saved £1.5m in efficiencies and saved 12,000 hours.
Get creative to cut the risk
For a lasting compliance culture, companies must ditch training that fails to engage staff. What’s needed is relevant and inspiring learning that uses the latest techniques and technologies so that employees want to do it. Then, keep the learning going with continuous reinforcement.
Risk mitigation, done creatively and effectively.