As a teenager I applied for a job as a cashier at a major high-street pharmacy. The first round of assessment, with compliance in mind, was an online quiz on good practices and ethics. We had thirty statements and had to give a true or false answer to each. One of the statements was:
True or false: “It is always wrong to steal.”
Quite a stupid question to offer a generation that grew up on Aladdin!
And so, within minutes of interacting with an employer I was being trained to lie to them. Rather ironic for a test designed to ensure quality of character. In comparison, I applied for a similar position at a popular British department store. They had an excellent test that put you on the shop floor with day-in-the-life challenges. I tried to follow the same line and rightly failed. Their ethics test was good, it filtered for dishonesty and heartlessness.
And yet, even as good Instructional Designers, we all too easily fall into the trap of writing compliance interactions like this:
It’s almost the end of the year. Soon, you’ll be enjoying some down time with your family and friends, and having a break from your manic routine! You really need it, especially as last week, you had the mother of all incidents at your company when someone managed to send a data file of all your customers to your supplier. That was more than a cold shower, given all the time and money you’d spent on your compliance training strategy! And now, you have to find an appropriate solution to cope with the first visible disasters that have arisen, and all before the office closes this Thursday….
If this sounds familiar then I might be rubbing salt in the wound here, but there’s at least three ways you could’ve avoided this.
It’s Monday morning in the busy life of a compliance officer. Fresh off a great Strictly weekend (you still can’t get over Helen’s exit) you are absolutely raring to go, ready to attack the week. As your monstrously slow machine turns on a flood of emails appear. There has been a breach, the mother of all breaches, the Titanic of all breaches. “How has this happened?” you wonder aloud, “we’ve just rolled out a suite of information security elearning!” “We’ve blown most of the compliance budget on these courses” a nearby colleague mutters grimly.
With seemingly a breach every week since October, I’m sure this is a scenario that has played out in many organisations. But the fact is information security is changing.