Engage in Learning and the ‘Digital Marketplace’?
To ensure that all workers give of their best in any and every situation, it’s important for their managers and colleagues to be completely – and truly – rational, objective and unbiased in their treatment of them.
Some £58bn was spent via credit and debit cards in the UK in April last year - some 6.8 per cent more than was spent in April 2016 - according to the UK’s Office for National Statistics.
While this might appear to offer increasing opportunities for card fraud, these opportunities are being minimised by the Payment Card Industry Data Security Standard (PCI DSS) – and by related learning materials, such as those launched recently by Engage in Learning.
The worldwide PCI DSS - which aims to help prevent card fraud and enable organisations to process card payments securely - is the result of collaboration between the major credit card brands: American Express, Discover, JCB, Mastercard and Visa. Complying with PCI DSS means that an organisation is doing its best to keep its customers’ information safe, secure and out of the hands of those who could use that data in a fraudulent way.
Anyone accepting a card payment is responsible for looking after that customer’s card data, regardless of who processes the data for that person’s organisation. Moreover, those accepting card payments must comply with PCI DSS. It isn’t optional.
The Engage in Learning PCI DSS eLearning programme explains how the payment card system works, sets out the PCI’s requirements for organisations that process card payments, and outlines what those who handle payment card details need to know to ensure that they handle payment card data securely.
Intended to protect sensitive cardholder data, the PCI DSS has 12 high-level requirements, encompassed in six categories:
1. Build and Maintain a Secure Network - install and maintain a firewall configuration to protect data. Don’t use vendor-supplied defaults for system passwords and other security parameters.
2. Protect Cardholder Data - protect stored data via encryption. Encrypt the transmission of cardholder data and sensitive information across public networks.
3. Maintain a Vulnerability Management Program - use, and regularly update, anti-virus software. Develop and maintain secure systems and applications.
4. Implement Strong Access Control Measures - restrict access to data on a business need-to-know basis. Assign a unique ID to each person with computer access. Restrict physical access to cardholder data.
5. Regularly Monitor and Test Networks - track and monitor all access to network resources and cardholder data. Regularly test security systems and processes.
6. Maintain an Information Security Policy - maintain a policy that addresses Information Security.
ECSC, the UK's longest-running full-service information and cyber security service provider, has reviewed and verified this course.
The coffee giant Starbucks was at the centre of a huge race relations row recently when two black customers were ejected from the store by the Manager after he refused to let them use the toilet.
It's not all doom and gloom! The positive opportunities that can be created with General Data Protection Regulation compliance actually allow you to drive operational and brand enhancing benefits. It's time we moved on from the warnings and the negativity of highlighting threats of fines, and draw attention to the positive opportunities that can be created by leveraging GDPR compliance.
As platinum partners of Totara, we get super excited when we hear that they have just announced the release of Totara Social 3, the third major release of the enterprise social learning platform. The new release of the enterprise social learning platform comes with a host of new features designed to enhance the social learning experience, the UX and the functionality of the platform.
The General Data Protection Regulation raises the bar for compliance, including a wider definition of personal data, tighter limits on its use and giving individuals more rights. This is a major challenge for all organisations yet, despite so many on-going information campaigns, around a third of company directors and senior managers are still unaware that the shake-up will affect them. With less than three months to go, this is now becoming a potentially dangerous situation for organisations and end users alike. Getting high quality, auditable training in place for all staff is imperative.
WILL YOUR STAFF BE READY FOR THE CHANGE?
The General Data Protection Regulation replaces the Data Protection Act on 25th May 2018 and explicitly requires all companies that deal with or collect personal data to have staff training in place. This includes any information you may store that can identify an individual, but we're not just talking names; it can include things such as biometric, genetic, cultural and economic information as well as email and IP addresses. Despite these explicit requirements, many companies still believe that it's just not necessary and are leaving their organisation at serious risk of penalty.
Companies and people working in food manufacturing are being told they must pay closer attention to how they manage workplace health risks or face serious penalties, the Health and Safety Executive said on the 2nd January 2018.