Nile Street Multimedia Blog

Gone are the days when owners of websites could think security is not an issue for me because I’m too insignificant to hack.

For a collection of reasons there will be people constantly trying to hack every site on the Internet. If they get control of your site it allows them to do other things to other sites. They can use your site to send spam or as a means to hack other sites.

In some cases it is as simple as putting invisible links throughout your text in an attempt to improve the SEO ranking of another site.

Sometimes people will try and hack into your site just to show it can be done.

Most of our websites are built using WordPress. It is a hugely popular platform. From a security perspective the downside to this means that many many hackers will be focusing on finding vulnerabilities in WordPress. The good thing about WordPress is that the community is seriously focused on security and will patch any issues quickly and thoroughly. For you the website owner this does mean that one of the most important first steps in ensuring your site is safe is to keep WordPress, your plugins and your theme updated constantly.

Some of this updating can now be configured to be done automatically, however it is still not a set and forget. You need someone to be regularly reviewing updates and making sure everything is as current as possible.

If you search the Internet for WordPress security you will find much to read and we would recommend you do this, however here are a few basic starting points:

• Ensure you have a thought out backup and disaster recovery plan in case it does all go wrong;
• WordPress now generates good secure passwords for users, but it is important that users understand the importance of good passwords so that they do not replace a hard to remember password with something like password1;
• No site should have a user called admin. Make sure your usernames are not able to be easily guessed;
• Use a good security plugin to lock out brute force attacks and scan for code changes;
• If feasible limit access to the administration area of your site to specific IP addresses;
• Host your site with a reliable host who you are confident will have their servers well locked down;
• Make sure to use a trusted theme and trusted plugins. As a guide look at how many times a plugin has been downloaded and how recently it has been updated. If possible read the support tickets to ascertain if the developers are providing good support;
• Use an SSL certificate to encrypt usernames and passwords.

We can provide advice and appropriate services to our clients, however the most important thing is to take the issue of security seriously and not think it will never happen to me!!

As I said in a previous post it’s not only a good idea to step back every now and then and have a look at what one is doing, but also document the process. So in this post we consider how effective is eLearning.

To think about this I decided to go back and re-read the book Michael Allen’s guide to e-Learning.

Michael Allen has been championing online learning for a really large number of years and has lots to say that is really useful to reflect upon. So this is my reflections on the first half of his book. I’ll consider the second half in a subsequent post.

The following are a few quotes I have plucked out of the first half of his book which looks at eLearning effectiveness in general.

“We should not evaluate eLearning as a whole, rather we need to evaluate if a particular course is effective. Instructional design not the delivery technology determines effectiveness.”

“Effective instruction is always less expensive than instruction that does not work.”

“Boring is bad.”

“Entertaining does not equal good.”

“Employees may already know full well how to perform tasks in the manner desired, but they simply choose not to do so.”

“It (elearning) will not change behaviour when there are greater rewards for continuing the current practice.”

“Design success comes from doing three things well:

1. ensuring learners are highly motivated to learn;
2. guiding learners to appropriate content;
3. providing meaningful, memorable, and motivational experiences.”
   

Generally I agree with all the above points, however let’s consider some of these in more detail.

It is not whether online learning is effective or not. There are cases where it is hugely effective and cases where it is a complete waste of time and resources. It’s all about the ability of the course to achieve the desired goal.

The course needs to engage the learner. A learner that has been motivated to learn will compensate for everything else being average, but we are always going to struggle to achieve any change in a disinterested learner.

This brings us to the next significant point. We need to have clearly defined what we are trying to achieve through our online learning course. Generally we are trying to change the behaviour of individuals in some way, but unless we understand all the factors surrounding achieving this change we cannot design the appropriate solution. The current situation might be failing because of inadequate resources or defined work practices that are not realistic. Just producing a training course will not solve these problems. I’d have to admit that for a variety of reasons we have clients that come to us and say they want an online course that contains certain information and looks a certain way. They do not want to engage in the broader discussion of what are the course is trying to achieve and how best to achieve it. Yes, it may cost more to develop overall solutions that work, but as Michael says above this will always be cheaper than spending on something that does not work at all.

Even if we feel we have understood the problem thoroughly, involved all the stakeholders in coming up with a course that will achieve the desired change in behaviour we need to evaluate the success as fully as possible. As much as we wish we get the solution right every time, in the real world this does not happen. So the process needs to be define, build, evaluate, redo. How a plan is to be evaluated needs to be considered at the start not as something tacked on the project at the end.

I wish it was was always possible to do all the above, however recognising what we would like to do is always the first step to doing it.

I was just reading the blog post by Tom Kulhmann on building one’s portfolio.  It made me reflect not so much on the need to develop one’s skills and experience as a freelancer, which is a given, but rather the need to document this ongoing process.

Yes the portfolio is useful when talking with potential new clients, but more to the point with time short and the huge need for continuous learning, a more structured approach will make this more effective. It is pretty much a given that more structured approach is code words for better documented.

It’s like business reports. A large part of why we are forced to writing reports is that it forces us to clarify our thinking about a subject. Often half way through writing a report one stops and thinks, but maybe I should have done X instead of Y. The documenting of the project makes us exercise rigour.

Many many years ago when I first started my career as a mechanical engineer I worked with a very experienced engineer who taught me the value of thoroughly documenting projects as we went. This was not overly formal, but over time the benefits in keeping a written record of the thread of logic in complex projects made it easy to backtrack to specific points. The process of writing it down kept one continually reassessing the direction. All in all the small amount of extra time on an ongoing basis was well worth it.

Over the years as I have moved into eLearning and web development although we still document what we do, the electronic nature of things has meant I tend to document just what we plan to do or what we have done rather than why it was done. Writing this makes me think I should spend more time recording the why.

So what has this got to do with keeping a portfolio I hear you ask?

Well Tom’s post made me think I need to record the personal and business progress in much the same way that one would document a project. I should record the learning, the conclusions, the experience, the logic of what we are doing.

As a freelancer nobody pays us for our learning and development time. This means it is our own rigour that ensures we spend the time in the best way possible for our own skill development.

By putting some more rigour in this I will make my personal development time more productive. This should then be to the benefit of our clients as well as myself.

One of the ways I’ll do this is by writing more blog posts about the process.

When we produce online safety induction training our clients have varying strategies as to the best way to ensure the competency of the learner.

The most traditional approach is to to present the material and quiz the student using multiple choice answers. The student is given one chance to get the question right and then at the end of the course if they exceed a certain passmark then they are deemed competent. There are two main problems with this namely:

• Although the learner exceeded a pass/fail threshold the one question they got wrong might be a critical piece in ensuring their health and safety in the workplace. One solution to this is to make particular questions mandatory.
• From an online training perspective we are not taking full opportunity of our ability to tailor the online safety induction training experience to the learner. We should be able to assess that a learner has misunderstood a particular piece of safety information and present the material again in a different way. Then we can reassess if they have understood with a subsequent quiz.

A very simplistic solution to ensure the learner completes the online induction with 100% success is to enable them to do each question multiple times until they get each question correct. This really does not ensure the competency of the learner as they soon understand that rather than thinking clearly about each question they can just keep selecting an answer until they get it right. The box may be ticked but our overall goals are unlikely to be achieved.

A more thorough approach is to use the quiz once, pass or fail a threshold and then manually review with the learner the questions they got incorrect. In most cases the online safety induction training is complemented with a face to face site induction and this an be an ideal opportunity to review the missed items. The drawback is that from a system point of view we are relying on a follow up that may or may not occur.

Our best online solution is to present the material in an effective and engaging way and then test the learners understanding. If they have misunderstood something then to go back and recover it so as to ensure a proper grasp of the issue. This way when the learner has successfully completed the online induction we are confident in the competence of the person. That said there must be a limit to the number of iterations that are feasible and in a few cases we may have to accept defeat and fail the course participant.

To create courses with this level of sophistication a tool like Articulate Storyline which is why we are an Articulate Storyline Developer.

There is a final bit to this puzzle and that is that we do need to have methods of assessing in an overall sense how well our course is designed and implemented. Part of this is looking at external factors that we are trying to improve through our online safety induction training but also looking at the course we have designed. For example if learners are regularly getting a particular question wrong then we need to look at whether the material is confusing or even if the question and choice of answers is ambiguous.