5 Ways To Keep The Hackers At Bay……
Hacking and online security breaches are often in the headlines. So how can you make sure that, when you’ve put an online system in place, you make it so hard to hack that the criminals give in and move elsewhere on the web? Unicorn Director, IT, Stuart Jones provides his top tips for online peace of mind.
Unicorn specialise in eLearning solutions for the financial services industry, including a number of well-known banks and insurers. As you can imagine, these customers have very high data security requirements.
So here are my top tips for securing your eLearning solutions, based on our experience at Unicorn providing robust and scalable platforms to our clients.
1. Get ISO 27001 certification
Getting ISO 27001 certified helps with so many aspects of your information security. The process you go through means reviewing and often improving every aspect of how you operate. ISO 27001 takes a risk-based approach to managing information security. It includes identifying and mitigating potential risks and vulnerabilities. This ranges from recruitment and identifying IT vulnerabilities to ensuring you have a robust and well-tested business continuity plan.
Maintaining ISO 27001 accreditation involves regular audits verifying everything is working well, and external audit checks every year to ensure that your information security management system maintains a high standard and continues to improve and adapt to an ever-changing world.
For your customers, choosing a supplier with ISO 27001 accreditation provides a strong degree of comfort that the organisation they are dealing with takes information security seriously and works to internationally recognised information security standards.
2. Deliver securely online
When delivering online learning solutions we highly recommend implementing encrypted communication (HTTPS). This ensures any data transferred between the user’s web browser and the learning management system is encrypted.
We also recommend removing support for old, less secure versions of SSL which are now considered to be vulnerable to attack.
3. Secure your data exchange
Integration between various systems is an important requirement facing today’s providers of performance management platforms. Increasingly this will include integrating with third-party Software as a Service style solutions. It is critical that any data exchanged between systems is exchanged securely. If you integrate via modern APIs, this includes using HTTPS with strong authentication. If you integrate by file exchange, which is probably more common, then we recommend Secure FTP or similar. Secure FTP is like FTP (file transfer protocol) but runs over an encrypted channel to protect the data from attackers.
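The recommendations in tips 2 and 3 (drop old protocol versions on the server, use properly authenticated HTTPS for API integrations) can be checked in code. The following is an added example, not Unicorn's own code: the TLS 1.2 floor and the function names are assumptions chosen for illustration, and the weak contexts are constructed samples.

```python
import ssl
import warnings

# Protocol floors that still admit SSL 3.0, TLS 1.0 or TLS 1.1.
LEGACY_FLOORS = {
    ssl.TLSVersion.MINIMUM_SUPPORTED,  # "whatever the OpenSSL build still offers"
    ssl.TLSVersion.SSLv3,
    ssl.TLSVersion.TLSv1,
    ssl.TLSVersion.TLSv1_1,
}

def audit_context(ctx):
    """Return a list of findings; an empty list means the context passes."""
    findings = []
    if ctx.minimum_version in LEGACY_FLOORS:
        findings.append(f"legacy protocol floor: {ctx.minimum_version.name}")
    if ctx.protocol == ssl.PROTOCOL_TLS_CLIENT:
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            findings.append("server certificate is not verified")
        if not ctx.check_hostname:
            findings.append("hostname is not checked against the certificate")
    return findings

def harden(ctx):
    """Raise the floor to TLS 1.2 (assumed policy); clients must verify the peer."""
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ctx.protocol == ssl.PROTOCOL_TLS_CLIENT:
        ctx.verify_mode = ssl.CERT_REQUIRED  # must be set before check_hostname
        ctx.check_hostname = True
    return ctx

def constructed_weak_context(protocol):
    """Constructed sample: a context set up the way a legacy integration might be."""
    ctx = ssl.SSLContext(protocol)
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    if protocol == ssl.PROTOCOL_TLS_CLIENT:
        ctx.check_hostname = False  # must be cleared before CERT_NONE is allowed
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

if __name__ == "__main__":
    for name, proto in (("server", ssl.PROTOCOL_TLS_SERVER),
                        ("client", ssl.PROTOCOL_TLS_CLIENT)):
        ctx = constructed_weak_context(proto)
        print(name, "before:", audit_context(ctx))
        print(name, "after: ", audit_context(harden(ctx)))
```

Running `audit_context` against the contexts your own services build, for example in a unit test, catches a lowered protocol floor or disabled certificate checks before they reach production.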
4. Regular penetration testing
Get your online solutions regularly penetration tested by expert security companies to identify potential issues and help resolve them. Regular testing not only validates that the system is secure but also ensures new functionality and developments continue to be examined. The results of testing over the years also provide excellent feedback to make your system even more secure as it evolves.
5. High availability
It is likely to be important that your online learning solutions are designed to be highly available and scalable. This means being designed to have no single points of failure, ensuring that there is no disruption to service even in the event of common hardware failures. This includes fully redundant internet connectivity, networking equipment, database services and load-balanced web servers. The solution should be designed to be both resilient to failure and to provide great scalability as your needs grow – and all of this complexity can be hidden from customers by good Software as a Service providers.
6. Flexible security model
A highly configurable and flexible security model ensures the right people or groups of people access what they should and see the content appropriate for them. It is important that your solution is easy to use, so that users and administrators have access to what they need to get the most from the system. However, you also want to make sure users can’t do more than they need to – this will protect your system from unintended mistakes as much as anything else.
At Unicorn we are proud of the robust and scalable security practices we provide in our business and apply to our learning and performance platform SkillsServe. In an exponentially growing multi-connected world, these standards are increasingly the sine qua non for enterprise SaaS solutions. The consequences of inadequate security of personal data are too great to ignore.
So whether you are selecting an LMS or a provider of performance management solutions to business, remember the words of Henry David Thoreau: “If you have built castles in the air, your work need not be lost; that is where they should be. Now put the foundations under them.”