Go Daddy Tackles Security Issues with elearning Solutions

Transcription

1 Go Daddy Tackles Security Issues with elearning Solutions When an employee of an Atlanta-based company unwittingly sold the personal information of 145,000 individuals to a group of criminals, not only did the stock price of the company drop nearly 10 percent in one day, but it also resulted in a $15 million fine - and irreparable damage to the organization s reputation. They aren t the first company to suffer damage due to security breaches, and unfortunately they won t be the last. The real shame, though, is that these types of devastating fiascos could be prevented with appropriate employee training. Today s realities Go Daddy, the world s largest domain register and hostname provider, takes potential threats to its customer information base very seriously. In addition to physical security and constant network monitoring, Go Daddy mandates that each and every one of its 1,800 employees receive up-to-date training on information security and data retention procedures. However, with offices in five locations throughout Arizona as well as Colorado, Iowa and Washington, D.C., the logistics of providing quality, consistent levels of training in an economically feasible manner was a bit of a challenge. Until, that is, they discovered Inspired elearning s web-based, interactive tools. About 99 percent of our employees have access to some sort of security-sensitive information, so it is imperative that they be educated properly, says Kimberly Cilke, Vice President of Human Resources. When the company had only 50 to 100 employees, it was easy to deliver through onsite classroom programs. But with the tremendous growth we ve experience over the last five years, this method was just too cumbersome. 1

2 Neil Warner, the company CIO and Vice President of Technical Operations was responsible for bringing Inspired elearning into Go Daddy. He says, Due to the nature of our business, most of our employees live on the computer and respond well to information distributed this way. I saw Inspired elearning s tools used very effectively at another company with 23 sites worldwide and knew it would be a good solution for Go Daddy. Making learning come alive Security can be a complex topic, particularly in the technology industry. And as Kimberly points out, also a rather dry subject that has a tendency to cause some folks in the back of the classroom to doze off. Inspired elearning, on the other hand, uses plain English to convey complicated messages so even new Go Daddy employees with no database or technical experience grasp its meaning. Their courses are also designed to meet individual learning styles and allow users to choose either a narrated learning module or the same course in a reading format. Graphics, animation and entertaining humor are all incorporated into the slides to keep the learner s attention. Go Daddy currently uses two Inspired elearning products. The first is a program they refer to as Security 101. This off-the-shelf solution takes only one hour to complete and has been tweaked over the last few years to include life-like simulations that directly relate to Go Daddy s business wherever possible. Specifically, the program teaches employees how to create strong passwords, protect user identities, and avoid viruses, worms and phishers. Most recently, recognizing and dealing with devious attempts at social engineering have been added to the curriculum. The second is a customized electronic adaptation of Go Daddy s data retention policies and procedures, a long document employees had difficulty plowing through. Moreover, Go Daddy could never measure how much information their employees actually understood and retained. Inspired elearning created vibrant screens and interactive module assessments to keep employees engaged while guiding them through the different classes of information and how each should be stored and/or destroyed. 2

3 How it really works Rich Van Meter, a customer care and personnel manager of 200 employees, adds, Inspired elearning tailored the programs to be more applicable to Go Daddy s environment. The courses explain why it s important to be a human firewall and why customer data must be handled in certain ways. Generic training programs run the risk of leaving an employee scratching his head wondering how it applies to them. Also, because the course can be done during work hours when there s a free moment, customers are not inconvenienced by having an employee taken away from their regular responsibilities. After signing into a learning module, the overall course objectives and subject(s) covered are clearly stated so each participant knows exactly what is expected of them. Photographs and graphs slide onto the screen and the show begins, delivering key information and knowledge in a highly engaging format. If the learner needs to interrupt the session, the program bookmarks the location and they can return to the same spot or review earlier pages when they return. At the end of each lesson, drag-and-drop or point-and-click questions ensure the user was indeed absorbing the necessary information. Users are told immediately if they answer the questions correctly and are not allowed to proceed to the next lesson until they have. The questions are not overly difficult, but Go Daddy employees are not permitted to handle any data until they have successfully passed the final test. Extra bennies Inspired elearning s programs provide a number of handy management tools as well. In addition to generating reports, it tracks employees who have not taken any required courses and sends them automatic reminder s reducing the administrative burden typically borne by HR. After successful completion of a course, each participant is also sent a personal certificate. 3

4 Inspired elearning is immensely useful in getting company messages to employees even those who work remotely or from a satellite office - in a timely fashion. We are responsible for educating our employees, but also for protecting our 4.4 million customers and the company s integrity, and Inspired elearning plays a key role in this mission, notes Kimberly. They also send a monthly e-newsletter that includes relevant news events and lessons learned to help maintain awareness at all times. Each year, Go Daddy s security committee also identifies new risks and other materials that should be included in an Inspired elearning refresher course. With these goals defined and information obtained from interviews with subject matter experts and feedback from informal surveys, Inspired elearning then creates a storyboard. Once agreed upon, Inspired elearning inserts the fun stuff and s the new training program to Go Daddy for review. We usually have about a dozen enthusiastic employees who volunteer to test market the new programs. There have been very few problems, and Inspired elearning has always been quick to work through them, Kimberly adds. She says that because Inspired elearning so effectively covers security and data retention, Go Daddy has been able to better utilize onsite classroom time to develop leadership programs and specialized training for their highly skilled software developers. The high level of employee training helps in recruiting top talent and in meeting Go Daddy s well publicized security policies too. Beyond the virtual classroom Many industries are now subject to mandatory security-related regulation. HIPAA laws, for example, protect patient privacy in the healthcare industry. Sarbanes Oxley (SOX) holds upper management of public companies responsible for their financial statements. All of this is dependent on the company s data being properly protected so there is a high comfort level that it is accurate, adds Martin Rico, founder and CEO of Inspired elearning. Inspired elearning helps companies meet their security objectives. 4

5 For Go Daddy, Inspired elearning solutions also satisfy their Payment Card Industry (PCI) employee audit requirements for web-certification. This worldwide data security standard was established by the major credit card companies as a guideline to help organizations that process payments prevent credit card fraud, hacking and various other security issues. GoDaddy deals with a lot of personal information and is needs to make sure the data is well protected. Hackers are out there all the time trying to obtain passwords, plant all sorts of nasty software, and make it look like it was done by someone else, concludes Neil. We have to be on the cutting edge to adequately fight these attempts. User response to Inspired elearning programs has been very positive, and we continue to evaluate other subjects that might be suitable for this venue. Go Daddy prides itself as being an inexpensive, easy-to-use one-stop shop for businesses and individuals wanting to establish, maintain and evolve an online presence. But affordability doesn t mean it goes cheap on quality. Go Daddy is an industry leader in the fight against spam, phishing, fraud and other abuses that threaten the online experience. Inspired elearning contributes to Go Daddy s success, which currently equates to about 40 percent of the domain market share - and still counting. Sidebar: About Go Daddy Founded by Bob Parsons in 1997, The Go Daddy Group has grown to include more than 23.5 million domains under management. Go Daddy offers a complete product line, including comprehensive hosting solutions, Web site creation tools, Secure SSL certificates, personalized with spam and anti-phishing filtering, e-commerce tools and more. The company is widely recognized for its success and has having been ranked #8 on the 2004 Inc. 500 list of the nation's fastest-growing privately held companies, and #20 on the 5

6 2005 Deloitte Technology Fast 500 (growing 8,274 percent!). Go Daddy also won the CNET Editor's Choice award in 2001; the Name Intelligence Largest Net Gain Award in 2002, 2003 and 2005; the Name Intelligence Users' Choice Award in 2005; the #1 Best Overall Registrar in 2003; and the Arizona Corporate Excellence Award for fastest growing privately-held company in 2003 and Most Innovative Large Company in Sidebar: About Inspired elearning Founded in 2003 by Martin Rico, Inspired elearning offers both affordable off-the-shelf and custom created web-based training solutions. Their high quality interactive off-theshelf compliance training programs are used by some of the largest and most respected companies in the world. These selections include Code of Conduct and Ethics Training, HIPAA Training, Physical Security and Workplace Violence Training, and Security Awareness Training. Inspired elearning also works with corporate, government and nonprofit organizations to develop cost-effective custom course content and education strategies that will build a well informed and trained workforce that is more attuned to business policies and procedures and therefore better able to meet critical business objectives. 6