Back to news home Back arrow

People for Privacy - How to keep your staff safe online

September 03, 2018

KO

By Kathleen Orner
Vice President & Chief Risk Officer, CWT

Anyone with access to the Internet can put your company at risk.

Protecting clients’ personal information is a business imperative, And now more than ever, it’s crucial to be transparent about the use of data. That means putting in place the right policies and technical controls to safeguard information.

Investing in the latest and best technology is an essential part of mitigating cybersecurity risks, but protecting your hardware and software is simply not enough. It’s essential to train your employees on a regular basis.

According to the 2014 U.S. State of Cybercrime Survey conducted by CSO, PwC, the U.S. Secret Service, and the CERT Division of Software Engineering Institute at Carnegie Mellon University, companies that fail to train new hires in cybersecurity reported annual losses of $683,000 compared to $182,000 for those who were trained.

At CWT, we regularly review and update our policies in response to changes in our business, technology, infrastructure and regulatory requirements. Our information security program includes training for all employees, not just new hires. We also celebrate an awareness week, during which we educate our staff on matters of cyber security-

Here’s what we do to reinforce our information security program:

  • We Stay Current. We update our program to address new challenges and promote the program through training and awareness campaigns that run throughout the year. We don’t leave it stagnant on our intranet.
  • We Think Globally. We work with our entire organization to ensure that everybody is aware of his or her role, no matter their position in the company.
  • We Have a Clear Governance. Our Risk & Security Governance Committee focuses on global risk and security. Formed by our CEO, CTO and General Counsel among others, it has expanded by forming a sub-committee which focuses on the use of data.
  • We Avoid Jargon. We make things easy to understand and don't assume our audience is extremely tech-savvy.
  • We're Creative. We think of ideas to engage staff such as quests or small events. We make things fun so people will remember them.

To find out more about information security at CWT, feel free to read the Ethics and Business Behavior Chapter of our latest Annual Responsible Business Report – June 2018.