What You Can Do About The 3 Greatest Virtual Training Security Threats
It’s funny. When I ask people if they ever think about virtual training security, they often come back with the same thing: “You mean, do we have virtual training sessions about security? Yes. Yes, we do.”
It pretty much answers my question. Organizations may be conducting online training sessions to educate their workers about information security, but they aren’t giving a lot of thought to how secure the sessions themselves are. Here are 3 reasons why they should.
1. Threat Of Hacked Content
Compromised training info may not seem like a scary threat. But think about it. These training sessions share data about an organization’s strategies, processes, customers, products—you name it. They’re not just casual video conferences. They might include competitive positioning or merger and acquisition plans. And the security threat goes beyond corporate data. What about the knowledge and coordination being communicated among government organizations? What about the very agencies whose mission is to keep citizens safe? What about military training courses? Power grid operation training?
These are details about our nation and its infrastructure that could be used by an enemy against the state. And since these sessions are often recorded, archived, and indexed for future reference, the information isn’t exposed just once. Whether the data is deliberately hacked or inadvertently mishandled, its exposure puts the organization, its people, and the people they serve at risk. Will it be used by a competitor to anticipate your every move? Will it be posted on Wikileaks to unveil a government agency’s secrets to the world? And what will the motive be? To embarrass? To blackmail? To kill?
2. Threat Of Leaked Content
It’s not just the kind of information that renders shared online content a security risk. It’s the power of the flexibility of the online tools themselves. If you email out an invite to a WebEx conference, how do you know that email wasn’t compromised? What about the numerous people who write their passwords on a sticky note attached to their monitor? How do you know the slides you presented weren’t saved onto a laptop that was later lost? If it’s sensitive information, do attendees have the right NonDisclosure Agreement in place or appropriate security credentials?
In fact, consider this:
Last month, we surveyed 500 workers about their eLearning experiences. 68% said their training sessions tend to include sensitive company information. Of course, there’s nothing surprising about that. But when we asked them whether they would ever share confidential information from a training session just to help out a friend—regardless of whether he or she worked for a competitor—do you know what we found? 13% of the workers we surveyed wouldn’t have a problem with it. On top of that, 21% weren’t sure whether they had a problem with it. That means 34% of your workforce might not have a problem with sharing your corporate secrets.
It may not be their problem. But it’s certainly yours.
3. Threat Of Disruption
There’s yet another side to the eLearning security threat: disruption of business which are high-consequence, such as healthcare or financial institutions.
What is that, exactly? It’s online training or collaboration that could have devastating consequences if improperly conducted. We’re talking about failures that could sink a company. Mistakes that could take a life.
For many, virtual training can sometimes be a periodic and relatively non-critical affair. I’m talking about “Brushing Up on Best Practices for Customer Service” or “New Goals for the Business in 2017”. Important? Absolutely. Life threatening? No. Something could come up, and such sessions could easily be rescheduled with very little if any negative impact.
But, what about hastily arranged web conferencing sessions like “The Food Protection and Defense Institute: Update on Our Response to the Ebola Crisis”? Or “TSA: New Security Vulnerability Uncovered”? These are high-consequence virtual training and collaboration sessions. They have to occur on time. They have to occur without a hitch. If they don’t, rapid knowledge transfer is disrupted, putting the health or existence of certain organizations and even people at risk.
Protecting an organization’s ability to conduct their online training sessions without fail sounds easy, but it isn’t. These are incredibly complex projects. Powering them not only means meeting perfect reliability and performance standards, it means providing a layer of security and compliance that ensures the information being discussed, digitized, shared and stored is safe. It means ensuring sensitive data never falls into the wrong hands.
Securing Your Sessions
Of course, one of the great benefits of online training is you’re able to quickly, efficiently disseminate information. But, without the right security infrastructure and protocols, it’s easy to put that knowledge in the wrong hands.
So how are government and other highly security-sensitive organizations combating this? They’re:
- Only allowing registered attendees that they invite to meetings.
- Setting passwords for specific meetings versus relying on the same password over and over again.
- Instructing trainers to hand select who they let into rooms.
- Setting rank-based permission levels - i.e. low level users only have access to Tier 3 content while high level execs get access to Tiers 1-3 (this could apply to both live and on-demand content).
- Implementing Single Sign-On, letting IT admins quickly reset or revoke users with a single stroke across all company-owned properties.
- Auditing records.
- Requiring the security access cards or badges that govern their physical movements to access their virtual ones (card readers are installed at their computer terminals).
Remember, in today’s digital era, information is our weakest link. This makes online training sessions an especially vulnerable target, because not only is information transfer their sole purpose, too many organizations aren’t working hard enough to keep them secure.
I hope this article can help change that.
