Note: This article was published on the Tortal Training Blog in 2015. We are reissuing it today because protecting company data has become even more challenging today than it was then . . . and probably more complex than ever before.
Data security has come a long way since December 2005, right? That was the month when somebody popped open a car trunk and stole a laptop that contained the records of 230,000 Ameriprise Financial customers. Suddenly, data security became a big concern, executives heard the word “firewall” for the first time, and companies scrambled to protect themselves.
But how much has computer security really improved? You have to wonder. As recently as January 2014, the records of 74,000 current and former Coca-Cola employees were compromised when laptops were stolen from company headquarters in Atlanta.
That’s really bad. But the most pressing question is, how secure is your company data? And because we are a training company, we need to ask . . .
Are your training platforms exposing your company to attacks from hackers?
It’s a troubling question, especially if you deliver training to employees in multiple locations:
- Your trainees are logging onto Wi-Fi in Starbucks and other public places across the country. Does that expose you to risk?
- You’ve got a powerful new distributed system that lets employees do their training on their smartphones. But is that safe? What if one of your trainees loses a phone? Does that put your company data at risk?
- You maintain stringent security in company headquarters, but what’s going on in your regional offices? Can you be sure that laptops and workstations are secure? Remember the hard lesson that Coke learned when company laptops were lifted in Atlanta.
Proactive Steps to Take
It’s reassuring to know there are ways to make sure remote laptops, tablets and phones do not give hackers access to your company data. Here are some defenses to keep in mind:
- Remember, the cloud can be a great defense. When your training materials reside in the cloud – in effect, on servers that are maintained by your training company, not by you in house – it is virtually impossible for hackers to use them as entry-points to get into your company’s servers or company records. And if your training modules are organized in separate “silos” so that trainees can access only one training area at a time, you have even more security.
- Be sure that trainees are using two-step encrypted passwords to log into your system. “Two-step” means that each trainee must enter two individual credentials to start training – such as a username and a strong password that passes muster. “Encrypted” means that the username and password are “scrambled” so they cannot easily be copied over Wi-Fi or by remote hackers. Also, let trainees know that they are required to log off as soon as they complete different training units. That prevents phone thieves from stealing phones and having easy access to your training materials.
- Make sure robust security protocols are being followed in all company locations. You know your company and its structure better than we do, so you know the obstacles you might be facing in this area. To make sure that protocols are followed, you might have to deliver regular security training to divisional or regional supervisors. You might also need to have your training director take on the role of security officer by making sure that company security directives are being followed.
Prevention Is Better than Fixing a Breach
One certain thing is that it is much better to take preemptive steps to protect your security than it is to repair the damage after a breach has taken place. When selecting a training development company for distributed training, the best course is to choose one with the expertise to build security defense into your plans from day one.