Online courseware presents many organizations' IT training programs with a dilemma. Though it greatly increases convenience, especially during the pandemic, it comes with new risks, namely sharing without authorization.
At the start of a physical IT course, control is as simple as handing out supplementary material on paper and collecting it at the end of the session. Once you move to a digital environment, however, the concept breaks down. Theoretically, each person has infinite copies and can distribute as many as they like if the proper controls aren't in place.
So, let's talk a little about those controls and the best route to protecting IT courseware throughout its journey:
Courseware should be encrypted and protected as early in the process as possible. This means before you transfer it to a remote server, USB stick, or online learning platform; in other words, before it leaves your sphere of control. Once a document is uploaded to an online platform, even if it has protections in place, it's at the mercy of whoever can get hold of it.
Encrypting the document before upload ensures that unauthorized parties who get hold of it won't be able to use it without a way to decrypt it first. This philosophy should extend to distribution via USB stick, too. Distribution via a physical device doesn't stop someone from uploading your courseware documents to cloud storage.
Overall, then, encryption is a useful tool for protecting documents in transit and at rest. However, once content is decrypted, it's anyone's game: documents without protection can be distributed without your knowledge. As a result, you should pair encryption with another solution that provides authentication and sharing controls. We'll discuss some of those below.
The internet provides an extremely convenient way to share course content, so many publishers distribute their content through web browser viewers that make use of browser-based controls. However, though some solutions promise the moon, the truth is that they can only be as effective as the browser they're delivering through.
As well as typically being unavailable for offline use, browser-based courseware distribution usually fails to protect against several attacks. These include screen grabbing, the use of browser debug and developer modes to extract content, and plugins that bypass restrictions. It's also difficult for browsers to detect whether a real print driver is connected, or even whether users are printing to a file (print to PDF).
The most common mistake when it comes to courseware and encryption is thinking that a password is enough to protect the content. For example, standard Adobe PDF password encryption was cracked years ago. Elcomsoft's tools can even do it in under a minute if you use a weak password.
Less sophisticated free tools will also simply try to brute force the password. They will try different combinations and dictionary attacks until they get a hit. This means that protection can be strongly reliant on how secure the password you use is.
Beyond that, however, passwords only protect your content so long as others don't share them. Trainees must have the password to access your courseware, so they are free to share it with anybody else without your knowledge. Like pure encryption, passwords also don't stop users from sharing the content after they decrypt it, or from screenshotting and printing it for others. This is true even if you apply PDF restrictions such as stopping editing, copying, or printing. Those restrictions can be instantly removed using online tools, and some applications like Mac Preview and Google Docs just ignore them to begin with.
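As an added illustration (not code from the original article), a pre-upload gate in Python can check whether a file is still a plaintext PDF, or relies only on the standard password handler discussed above, before it leaves your control. The category names, the 7.5-bit entropy threshold and the allow-list policy are assumptions of this example, and the byte-level checks are heuristics.

```python
import hashlib
import math
import re
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; ciphertext approaches 8.0."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(blob: bytes) -> str:
    """Heuristic byte-level classification of a file about to be uploaded."""
    if b"%PDF-" in blob[:1024]:
        if not re.search(rb"/Encrypt\b", blob):
            return "plaintext-pdf"      # readable by anyone who obtains it
        if re.search(rb"/Filter\s*/Standard\b", blob):
            return "password-pdf"       # standard password security handler
        return "encrypted-pdf-other"    # a non-standard security handler
    # Not a PDF: high entropy is consistent with an encrypted container.
    return "opaque" if entropy(blob) >= 7.5 else "unencrypted-other"

# Assumed policy for this example: password-only protection may not leave.
ALLOWED = {"opaque", "encrypted-pdf-other"}

def may_upload(blob: bytes) -> bool:
    return classify(blob) in ALLOWED

# Constructed samples, not real courseware.
PLAIN_PDF = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
             b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")
PASSWORD_PDF = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
                b"9 0 obj\n<< /Filter /Standard /V 2 /R 3 /P -3904 >>\nendobj\n"
                b"trailer\n<< /Root 1 0 R /Encrypt 9 0 R >>\n%%EOF\n")
CIPHERTEXT_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
NOTES_TXT = b"Module 3: configuring the lab firewall\n" * 50

if __name__ == "__main__":
    samples = {"plain.pdf": PLAIN_PDF, "password.pdf": PASSWORD_PDF,
               "course.bin": CIPHERTEXT_LIKE, "notes.txt": NOTES_TXT}
    for name, blob in samples.items():
        verdict = "upload" if may_upload(blob) else "BLOCK"
        print(f"{name:14} {classify(blob):20} {verdict}")
```

High entropy only shows that a file is not obviously plaintext; compressed archives score similarly, so treat "opaque" as a prompt to confirm the encryption step ran rather than as proof of it.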
DRM solutions tend to do a much better job of filling in the gaps that encryption leaves behind. As well as using better encryption, they're able to remove the need for passwords entirely. Transparent key-based systems remove many avenues of attack while maintaining convenience.
Most critically, though, document DRM offers controls to protect courseware documents after they have been decrypted. Many PDF DRM solutions, for example, allow publishers to block screenshots, stop printing, make documents expire after a certain period, make watermarks permanent, and more. They do so while retaining the flexibility of online and offline use. Additionally, they can integrate seamlessly with online learning platforms like Moodle.
Encryption is an excellent first step for protecting IT courseware, but for full protection it must be paired with a full DRM system. Though the licensing and implementation of such a system comes at a cost, ultimately it's a small price to pay to protect the hundreds of hours put into creating comprehensive and potentially sensitive learning materials.