Many of us work from home and use the internet on a daily basis. Just as in a city, the internet has some places that are good to be, and others that are not so good. The difference though is that, on the internet, you can be sent to one of those dodgy places from a single click.
To protect you, your family and your work colleagues, I would advise a simple strategy that works just like a castle, with multi-layers of defence.
Beaumaris Castle - from Wikipedia/Beaumaris Castle
Layer 1: Incoming traffic
Usually, all the internet traffic that comes into your house will be coming through a single connection into your router. The router maintains the link to your Internet Service Provider (ISP). Most ISP's operate as a transparent gateway onto the internet. So, what you need to do, is redirect your internet traffic so that it comes through a more secure route that you can control.
The simplest way to do this is to use a service like www.opendns.com. With a single change to your router setup, all internet traffic will go through the OpenDNS servers which maintain lists of any sites that are dodgy. You can even extend this filtering to block other types of unwanted sites.
OpenDNS is free to home users, so there's really no excuse not to make the change. Having said that, some of the basic routers that come from ISP's (eg. O2) don't make it particularly easy to change their setup. You may need to do a bit of digging on the OpenDNS forums, but you can be sure that someone will have done it already.
Once your traffic is routed via OpenDNS, then anyone using your network, whether cabled or through WiFi, will be subject to whatever filtering you've switched on, and will be protected from vast numbers of sites that are just looking to damage your equipment or your bank account.
Layer 2: Inbound email
Make sure your email provider has methods of blocking spam (junk mail) and mail containing viruses. It makes life so much easier if they can do it for you. I use Google's gmail system, which is extremely efficient at both jobs, and rarely filters out messages wrongly.
Layer 3: Your PC
If you're working on company-supplied computers, you often won't have any control over what systems are running on it. But it's still worth being aware of how to minimise the risks, when you use your own equipment.
Most modern computer systems, whether with Windows, Mac, or Linux operating systems, are at risk in some way from attacks and viruses. Your router will provide some protection, but the next stage is with the operating system itself. The actual risk varies depending on the operating system you're using. Windows is under most attack, but that doesn't mean Mac & Linux users are free from risk - it's just lower.
For maximum protection, it's worth spending money on one or two additional pieces of software - a firewall and an anti-virus system. Sometimes they come combined in the one application. There are also free tools, which are very good but perhaps without the support or service you'd get from a paid-for version.
A firewall does what it says; it stops traffic getting into your computer that might cause damage. Usually you're given the option to let certain things through if you know what they are. I still find it surprising to see how many potential attacks are thwarted by firewalls. It's because attackers are constantly using automated tools to find and exploit weaknesses.
An anti-virus tool prevents you downloading or opening files that might contain potentially malicious code. Usually they'll also try to "clean up" any infected files.
Layer 4: Your browser
Your browser is your window on the internet, and, as such, is the last layer of defence against sites that are out to cause problems.
Many of the major browsers will warn you if you end up on a web site that is known to contain malicious code. But this is only true if you keep your browser up-to-date. If you're still running Internet Explorer 6 or older (which, even now, is still quite likely if you're using a machine supplied by your employer) then you are running a very large risk every time you use the internet. It's no wonder that these organisations often make Layer 1 so secure/impenetrable as to make it almost impossible to use the internet usefully.
Often, the older browsers are kept for good reasons - as the organisation's software may only run on that particular browser version. My advice would be (if you are allowed) to use Google Chrome or Firefox as your main browser for internet use, and keep IE just for using corporate systems.
The advantages, as outlined by Donald, are compelling, but there's a huge question around security.
When you put software inside your firewall, you take responsibility for its security and the data stored within it.
How do you know that the cloud-software companies work to the same standards as you?
The good news is that most of them will probably have higher standards. For example, is it better to store personal data about school-children in a server cupboard inside a school building, or in a purpose-built data centre, with multi-layered physical and logical security and redundant systems?
The bad news is that you are still the responsible party. You will have to undertake enough due diligence on your suppliers to be able to show that you'd done everything you could to protect your data and your organisation's reputation. It's your job on the line, not the software provider's.
Some software companies are extremely helpful in this respect. They publish full descriptions of how they address security concerns, at a software level, at server level, at network level and at datacentre level.
Salesforce is a particularly good example of this practice. Their site at http://trust.salesforce.com/trust/security/ provides detailed information under a number of key headings. I've adapted these below and suggested what cloud software providers should describe at a bare minimum:
- Data centre
- Where are the data centres located? (This is particularly true if you are in the UK and subject to the Data Protection Act)
- How do you control access to the data centre and prevent physical attacks
- How do you control the environmental around the servers - temperature and humidity in particular?
- How do you ensure that power is maintained to the facility, even when the power network is down?
- How do you ensure that high bandwidth internet connections can be maintained?
- How do you detect and suppress fire?
Now, it may be that you're a small business or organisation, and the risk to you of losing some of your data is outweighed by the cost of dealing with an organisation that has all these systems in place.
But, I would argue, that, as soon as you enter confidential or personal information onto a system, you need to start thinking about these questions - regardless of how big you are.
This will probably be difficult for the smaller hosting providers, who have created a market in hosting open-source software like Moodle and SugarCRM. But they still need to consider the questions and have sensible answers about the level of risk that they are putting you under.
Any provider of cloud-software that doesn't explicitly address security somewhere on their website needs to think again. And anyone who is procuring such services needs to consider carefully the level of risk they are prepared to accept.
Other examples of security statements include:
As you'll see, they have different amounts of information available - but at least they've addressed the questions - showing that they understand the issue.
[Update: Of course, if your internal IT people are hosting software that is accessible on the internet, like cloud software, then you'll need to ask them the same questions...]
What advice around internet safety would you give to someone who is relatively new to using the internet, or social media in particular? Here's my starter for nine, followed by a link to some official advice:
- People aren't always who they say they are. That applies to websites too. Always make sure you get a second opinion from someone you trust.
- Your emails are your soft underbelly. If someone can get to your emails, they can change your password on most of the systems you'll be using. Your email password should be the strongest one you have.
- You are what you write. If you're posting on social media sites, writing comments on blogs, discussing things in forums etc, you'll build up a reputation that's based entirely on those. How do you want people to view you and the organisations you're associated with?
- Assume that nothing can be deleted. As soon as you write something, assume that it's there forever. The website owner might retain a copy, Google will retain a copy, and the Internet Archive will probably retain a copy. If it was on Twitter, it will be stored forever by the Library of Congress.
- Assume that nothing is private. Don't write down anything that might upset your children, your parents or employer. It might (and probably will) come back to haunt you. If you're not sure whether to publish, then ask someone!
- Your browser is your gateway and gatekeeper. Your internet browser (whether Internet Explorer, Chrome, Firefox etc) is the way to get to a huge range of resources. If you keep your browser up-to-date, it can also act as a very effective gatekeeper - keeping you away from sites that are trying to grab your personal details, or take over your computer.
- The risks change frequently. Make sure your firewall and anti-virus software is kept up-to-date. If you don't know what these are, then get advice and follow it.
- Backups help you sleep at night. What would you do it you computer got destroyed or stolen, or even simply broke down? Is there anything on it that would be difficult to replace? If yes, then make sure you know that there's a second copy somewhere else - preferably made automatically, so you don't have to worry about it. But make sure you can get to that copy when you need it too!
- Check everything before you report it as fact. The internet is full of hoaxes and misinformation. They are usually quite easy to check out before passing on. Just put some of the key terms into a search engine to see if any of the hoax tracking sites know of it.
I would strong recommend the Internet Safety pages put up by CEOP. And they're not just for children!
Looking around the LMS marketplace, there are lots of providers who will let you get to elearning content on your mobile device.
But I'm looking for something more like the Amazon or Ebay apps, which let you interact with the application.
For example, on a mobile device I would like to be able to:
- Search for potential learning interventions (whether courses, reference content, or experts) by topic, title, location, date etc
- Read reviews of those interventions
- Mark interventions as of possible future interest
- Book onto a face-to-face event
- Read content
- View videos
- Evaluate the intervention - using ratings and reviews
- Recommend the intervention to my learning network that's linked to the LMS
- Ask questions of my learning network
- Respond to questions from my learning network
- Create links to people within my learning network
Does anyone know of an LMS provider that understands how people use mobile devices?
A large part of my job involves evaluating software solutions - including the functionality, the interface, and the way the supplier interacts with their customers.
It seems like there are two ways of selling software: Open Selling & Closed Selling
I wonder if you can tell which one I think works best?
|Open Selling||Closed Selling|
|We'll provide easy access to a time-limited trial version (maybe with a few restrictions on functionality) so potential users can get to grips with the application - ideally with some sample data to play with.||You can only see the software in the presence of one of our solution experts - because it's too complicated for anyone to understand what the software can do|
|All reference documentation and manuals are freely available online, so you can get a good feel for whether our software is going to meet your specific needs||Documentation is only available to registered users, because we're afraid that someone else might take our good ideas|
|We'll provide access to best practice guides, and screen capture videos, so you can see what is possible||We'll write some case studies, using carefully written marketing speak, showing how some organisations have got benefits from using our software. You may see a few small screenshots.|
|Our solution experts will write frequent blog posts providing hints and tips, not just on our software specifically, but to help you do your job better.||Our account managers will visit you every couple of months.|
|Anyone can view and search our online forum, and post questions & comments about the software. We'll respond too.||There is a user forum, but only for registered users. No-one else can see it.|
|If you post about our software on Twitter, we'll pick it up and will respond.||What's Twitter?|
Some examples of companies towards the Open Selling end of the spectrum:
I'll spare the blushes of the rest of the industry that seems to think the web exists only to provide a sanitised shop window. What they don't seem to realise is that people will talk to each other anyway, and information about their product will get into the hands of competitors regardless. But they'll be excluded from those conversations.
The benefit of the open approach, is that you will end up with a far more joined up message, as your marketing, pre-sales and customer support personnel can all use the same materials, and will all be having the conversations with the market.
Read the Cluetrain Manifesto if you want more on this.
I would welcome any comments from suppliers who adopt the closed approach, because I'm struggling to see what the benefits are.
In a recent post, I discussed the five requirements a learning organisation may need to address when considering IT systems.
Over-arching these requirements are three key questions that need to be answered when putting in any IT system:
- Single or multi-user?
- Internal or external hosting?
- Multi-function or best of breed?
These questions apply almost regardless of the function of the system - whether it's content development, learning delivery, project management, customer relationship management or finance.
Single or multi-user?
Internal or external hosting?
Multi-function or best-of-breed?
I couldn't resist this:
From my perspective, inside a large organisation that delivers a full range of learning & development services, this IT Toolkit isn't just about delivery tools (such as elearning, social learning etc). It must also include the back-office tools that help such services run smoothly and cost effectively.
During the workshop I identifed five requirements for the IT toolkit, and then three key questions that may help your decision-making. This post is about the five requirements. The key questions will be discussed in a subsequent post.
I tried to avoid speaking about specific IT systems or applications, except where they were useful as examples. The decision on which is the best application for your organisation must rest on a range of factors that include your specific business requirements, cost, existing systems etc.
The requirements identified were:
- Maintain effective customer and supplier relationships
- Forecast and monitor revenue and costs
- Manage face-to-face and online delivery of formal events
- Provide learners with access to up-to-date resources
- Support informal learning
Of course, there is some overlap between them, but hopefully they provide a good framework on which to build some understanding of what you're looking for.
Maintain effective customer and supplier relationships
Any organisation, or team, that is providing a service to others, and using suppliers, needs to know whether you and your suppliers are meeting the needs of your "customers".
For very small teams with a limited customer and supplier-base, this may just be through conversations.
But, as your team grows, or your customers or suppliers become more diverse, so will your need grow for some sort of system that can help track and share knowledge about the people you're working with.
You'll need something that can help you answer questions like:
- How do you know what each individual customer needs?
- How do you know what conversations your team has had with each customer?
- How do you know how well you’re meeting that need?
- How do you know which of your suppliers is offering best value?
Often, you'll then start to think about putting in place a Customer Relationship Management system - perhaps a generic one like SugarCRM, Salesforce or Microsoft Dynamics, or one that is more specific to learning and development, like CourseBooker. The choice is huge.
This would probably happen alongside some means of collecting information from your customers, often through a survey tool. You'll need to aggregate data about what they are looking for, as well as how well you're providing your service.
There are clever ways of doing this, if you have access to the raw data... In the case of Google [See this video of the ALT Conference presentation by Sudhir Giri], they ran a full-blown Training Needs Analysis, using surveys, interviews etc, but they also analysed the terms that employees were searching for on the intranet. Comparing the two sets of results showed that an analysis of the search terms was as effective in highlighting training needs as the full TNA.
Yet, how many L&D teams have any visibility of what people are looking for on their intranet?
Forecast and monitor revenue and costs
Whether you run an internal training team that works with annual budgets, or you run a team that charges for its products and services, you will need to know what's happening with the money. You'll need to know what has happened, and have a very good idea of what is going to happen. You'll also need to know whether the money you are paying out is giving good value.
Any good customer relationship management system will allow you to keep track of future opportunities. As they become more likely to happen so the forecast revenue and costs will become more certain. This is known as the sales pipeline, and is an important part of any financial management process.
As you deliver your products and services, you'll need to ensure that you pay your bills on time and also that you retrieve any money owing to you. If you're part of a larger organisation, this should be managed through its financial systems. If not, then using a tool like Kashflow (many others are available) can make these processes a whole lot simpler.
Manage face-to-face and online delivery of formal events
For most L&D professionals, we're now getting into the interesting bits. But don't forget the back-office systems. They'll provide the foundation needed to make sure your team can be really effective in the services you provide.
However much we promote the idea of informal learning, there will always be a need for formal interventions where access to resources (whether real or virtual) needs to be managed, either for reasons of security or limited availability. As an aside, I've never understood why some people use pay grade or role as a reason to limit access to online materials!
Anyhow, we'll still need to schedule access to limited resources, such as classrooms and experts, and plan where those resources will be. We'll need to send out "joining instructions" to learners, and send out reminders as events become imminent.
And, apart from the management of access, you also may want to support your delivery with IT tools, such as virtual meeting systems, interactive whiteboards, communication & collaboration software or voting systems.
There are dozens, if not hundreds, of companies competing for your business in this area - often selling tools known as Learning Management Systems.
Or you may want to go for a cheaper option that focusses just on the specific aspects you need, eg. CourseBooker, Enterprise Study, Net Dimensions EKP etc (There are huge numbers available. Please don't take a mention here as being a recommendation!). But try to think ahead as to how your needs may develop. You'll need to be certain your supplier is going in a similar direction to you.
Many organisations are turning to the open-source world to meet their needs. Moodle is the obvious answer here. It's a great application, which I've used since version 1.0. But it's important to remember that Moodle is designed explicitly to support delivery of tutor-led interventions, in conjunction with a student record system that handles all the administration and resource management.
A number of organisations have developed add-ons for Moodle that attempt to provide the requisite administration functions, eg. (Kineo - with Totara, Moomis, Face to face module) . Or you may want to look at adapting one of the existing open-source student record systems for your purposes, although most are based around the needs of schools rather than companies.
On the virtual meeting room front there are a number of strong contenders. You could try Skype, although this tends to get blocked by a number of organisations, and does require a significant download.
If you want to avoid anyone having to install software, then use Adobe Connect. This does assume that everyone has Flash installed on their system already.
In the open-source world, we also have Big Blue Button, which is steadily catching up with the front-runners.
Provide learners with access to up-to-date resources
iPod Coverflow Interfaces are a great way of finding content. Image credit: http://www.classycode.co.uk/CoverFlow/
Those people who have already learnt how to learn will be constantly on the lookout for trusted sources that can support their particular learning needs.
If they can't find what they need, they'll go elsewhere.
So, the systems you put in place to deliver content need to be as easy to use, and as smart, as the systems your learners use in their everyday use. You will be compared with the likes of Amazon, BBC, Youtube, Slideshare etc. If the content you're providing is available more easily somewhere else, you will find your learners leaving you.
Please note, that, in my opinion, there is no difference between learning content and information content. Too often we put information content in our intranets, and hide learning content inside our learning management systems, with no connection between the two. As I've said before, I believe only assessments should be placed inside the LMS
You will need to consider the typical behaviours of a modern learner when accessing content:
They'll want to be able to get to it on their mobile device, as well as at their desk.
If it's text or contains complex graphics, they'll probably want to print it out at some point.
They'll want to be able to post a link to your resource in an email, an instant message or in your internal communication systems, and expect that recipients will be able to get to it without a lot of additional navigation.
They'll want to be able to make comments against the resource; asking questions of the author, adding additional ideas, or simply reviewing it.
They'll want to rate it or tag it - partly so they can find it more easily again, and partly to make it easier for their colleagues to filter out the good from the bad.
They'll want to be notified by email or RSS when new resources are published - ideally ones that fit a particular category or search term.
They may even want to add their own resource, for use by their colleagues. Although you might want to identify "official" resources in some way...
When considering content delivery, you will need to think about how you intend to create your content, publish it, and then deliver it.
Companies such as Xyleme and Exact Learning (formerly Giunti Labs) provide ways to create your content once and then publish it in multiple ways. That may be appropriate for you, or you may decide that all your content will use a particular format, and stick with that. Be aware though that you run the risk of seeing every problem as a nail if you only have a hammer. This is particularly true of people who have bought into elearning content development tools like Articulate, Captivate, Atlantic Link etc. They then become the default way of producing resources, regardless of whether that is the best mechanism.
In my opinion, I would always start with the learner, and consider the best delivery system to meet their requirements. But think about that alongside the types of content that I would expect to be providing for them. There is a new breed of tools out there now, including Fusion social learning and Wisetail's Learning Ecosystem, that take the best functionality people use on the wider web, and make it available to more closed groups and organisations.
Support informal learning
Informal learning is driven by need and by recommendation. To support informal learning effectively you will need to consider both drivers.
When learners need to know something, they will take one of two routes. They'll go to a search engine, or they will ask someone. The actual route taken will depend on the learner's perception of which one will offer the best answer the most quickly.
As a minimum, your systems should include a good search engine - ideally one that can search any text inside your content, and not just the metadata [link] about that content. It's not enough to say that a particular elearning module contains the information they need. They'll need to be able to get to that information quickly - not by trawling through until they reach page 33 of 45!
The more forward-looking organisations are beginning to also implement social communication tools that are built around the concept of interlinked networks. These are fantastic at allowing ideas to filter across even the most siloed organisation. [See the Deloitte case study on using Yammer].
Networks do take work to maintain - both by the individual and by the organisation (which needs to provide central resource to help the network to develop). But their value in facilitating innovation and reducing duplication of effort is huge.
The risk to organisations of not providing internal networking tools is that your employees will end up more connected with people outside of your organisation then with those inside.
The 2011 ALT Conference will start in earnest on Tuesday 6 September.
Here are some ways those not attending can benefit from the conference.
1. Conference Publications - the Conference Abstracts and the Proceedings Papers are available now as Open Access publications from http://www.alt.ac.uk/alt-c-2011/pubs
2. Plenary Keynote Sessions and Invited Speaker Sessions will be streamed, with online moderation throughout, using Adobe Connect. Go to http://altc2011.alt.ac.uk/pages/alt_live for details of what will be streamed, when, and how to access it.
3. The hashtag for the conference is #altc2011 and ALT's Twitter channel - @A_L_T - will be used to announce the starts of publicly accessible sessions throughout the conference shortly before each begins.
4. There will be a public web TV channel from the conference, with "vox pop" reactions to the conference from participants. Details to follow at http://altc2011.alt.ac.uk/pages/alt_live.
5. The full conference timetable and abstracts for all the sessions are available at http://altc2011.alt.ac.uk/calendar.
ALT does not charge for remote participation; at the same time we make no guarantees that things will work exactly as planned.
For more details about ALT and how become an individual, organisational, or sponsoring member, at an annual cost of between GBP zero and GBP 1276 per year go to https://www.alt.ac.uk/get-involved/membership
I thought I'd give a "heads-up" to those of you who are joining my session at Learning Live 2011. To be honest, the slides below won't help you very much on their own. However you might find them useful to get your thought processes started before the workshop - which will be very much a conversation using the slides as a stimulus.