WW group kicked off an Information Security awareness campaign in October 2015. Tor Langrud, chief security officer, believes it has been a learning curve for all employees and that it was time and money well spent.
Words: Alannah Eames
Since October 2015, WW group has been conducting an Information Security awareness campaign across all its sites worldwide. Since then, it’s been hard to miss the CEO videos and articles on the Intranet. Many of you have also participated in online trainings on this topic.
“The purpose of the campaign is to show you that Information Security is important to protect you and your personal information, but also that of the company,” says Tor Langrud, WW group’s chief security officer. “Some of the information covered in the campaign are things you would be doing already, much of it is common sense, but we can all learn a few new tricks that will improve our information security even more. Protecting critical information must be part of our culture on shore or at sea.”
Many of the major hacking scandals of the 21st century have involved theft of credit card details belonging to customers. So, how can hackers damage a shipping and logistics company like WW group? “Like any other global business that depends on digital information flow, we are vulnerable,” warns Langrud. “We have a global information network on land and at sea which could be exposed to fraud, malware, stealing of sensitive information, harmful insight, manipulation or deletion by ‘dishonest’ competitors, ‘unfriendly’ authorities, criminal organisations and others. If that were to happen, it could seriously damage our business.”
If you spot an information security breach, it must be reported immediately to your designated security officer, says Langrud. “We’ll handle it according to the seriousness of the threat, and depending on whether it is a technical or human-related breach.”
Top 10 security tips
Tor Langrud, WW group’s security officer, shares his top 10 security recommendations – precautions he uses at home and at work.
- Ask yourself ‘What is important and sensitive information to me?’
- Stick to disciplined information security routines, also outside the office.
- Don’t talk about sensitive information in public places. People may be listening to you!
- Gut feelings are there for a reason. If something doesn’t feel right, trust your instincts!
- Identity thieves use various phishing techniques. Protect yourself by keeping your personal information to yourself.
- Pass phrases are more secure than traditional passwords. Use long pass phrases when securing sensitive data.
- Before clicking on a link, take another look. Think before you click!
- Keep your computer secured and learn to recognise the signs of possible infections.
- Always log out or lock your computer when leaving it.
- Never let a stranger use your computer – they might try to access sensitive files and information.
The greatest risks
According to security professionals, there are two kinds of companies: those that know they have been hacked, and those that have been hacked but don’t know it yet.
Most companies have antivirus and firewall software. However, in a poll conducted at Infosecurity Europe 2014, 37 % of respondents said the biggest threat to information security was rogue employees, higher than cyberattacks (19 %). The greatest danger to information security is not outsiders but employees who have access to secret business information and crucial data.
Even the best software and ‘most secure’ systems won’t help if an employee accidentally – or maliciously – breaches a company’s information security policy.
- Losing a USB-stick with sensitive data on it
- Leaving an open document on an unlocked computer
- Forgetting a customer contract in a coffee shop
- Losing an unlocked iPhone in a taxi
- Leaving confidential documents on your desk after hours
These ‘accidents’ can have the same effect on the company as an employee who deliberately leaks confidential company information to the media or a competitor.
Prevention is better than cure
So, how can you ‘control’ employees’ actions? The answer is: ‘you can’t’. However, companies that train their employees about information security issues suffer fewer attacks than those that don’t. It also helps when companies give employees the right tools to avoid risks: for example, simple password resetting processes, or giving developers fake datasets to work with in a test environment so they don’t need to use real customer data.
At the end of the day, good information security boils down to employees using their common sense. As Chris Pirillo, computer geek and founder and CEO of LockerGnome Inc, said: “Passwords are like underwear: you don’t let people see it, you should change it very often, and you shouldn’t share it with strangers.”