Australian hearing aid implant manufacturer Cochlear has improved employee security awareness since embarking on a re-education program two years ago.
Speaking at the Gartner Security & Risk Management Summit in Sydney, Cochlear CSO Craig Davies told delegates that his security team runs an observe and monitor program.
“I believe the vast majority of people want to do the right thing, but the trouble is we don’t tell them what the right thing is,” he said. “They’re always worried that they are going to breach some rule.
“What we have tried to do is drive all the housekeeping stuff out of our environment. We want the basics done right.”
For example, the re-education program teaches employees about avoiding phishing emails and unsafe websites.
The company also has an acceptable Internet use policy, which is deployed worldwide. It blocks some sites such as Australian dating service RSVP and music streaming site Pandora.
“We block Pandora because of the bandwidth and tell people 'don’t listen to streaming radio, go buy a radio'.”
Davies added that the company is non-negotiable about piracy. It uses a rating system for these types of security incidents, ranging from accidental access up to high ranking.
“We defend our intellectual property [IP] in court so therefore we are paranoid about honouring other people’s IP. If an employee is found to have pirated material, they are going to have a bad day.”
Davies said it was important that staff were engaged with security awareness programs.
“If I can get them to awareness, I am happy. If I can get them to understand the problem, I’m ecstatic and if I get them to ownership, my job is done.”
According to Davies, he used to get one to two security incidents a week before doing the re-education program. He has not had a security incident for the past three months.
Follow Hamish Barwick on Twitter: @HamishBarwick