During the last Privacy Focus Group meeting, the VBO-FEB explained the functioning and the advantages of the interactive DPO Connect platform which was set up by the Data Protection Authority (DPA) in collaboration with DPO-Pro and the Vrije Universiteit Brussels (VUB) with the support of the European Commission.
Learn how to create your own cyber security awareness plan
11 September 2021 – Cyber Security Coalition
For several years now, the Cyber Security Coalition has successfully run a training programme called ‘Cyber Security Awareness & Culture Manager’. Last Thursday, the permanent chair of the Coalition’s Awareness Focus Group selected 31 participants for this year’s edition of the training. We congratulate all selected participants on this achievement and look forward to fruitful interaction in the course, which will kick off on September 21st.
We spoke with Alexandre Pluvinage, Head of Human Security at ING BE & DBNL and creator of the programme.
Your job title is “Head of Human Security”. What does this entail?
When most people hear about IT security, they think about firewalls and antimalware protection. Of course, these are important tools, but you have to put the same effort into human security. More than 90 percent of cyber security attacks against companies target people, for instance with phishing or social engineering. In my role as Head of Human Security, I report to the CISO (Chief Information Security Officer) about these aspects. And I’m glad that more and more companies are taking the same approach.
What’s so important about cyber security awareness?
If you’re running a transport company and you’re hiring truck drivers, you’re not giving them the keys to the trucks without verifying whether they have a valid driver’s license and whether they drive safely. But not a lot of organisations verify whether their employees are able to use their IT systems safely. Many aren’t even teaching them safe use of their systems.
A few years ago the number of attacks against companies involving employees was not so significant. Now, especially with the hybrid way of working, these cyber attacks are rife. By doing company tasks on your private computer and the other way around, you’re mixing your private risks with professional risks. Employees should know about these risks, and they should know whom to report to when they notice something unusual.
So how do you start to develop a cyber security awareness roadmap in your organization?
The most important part is: just start with something simple. As soon as you have something, you can build on it and learn from it.
If you want to start raising awareness about cyber security among your employees, download the Cyber Security KIT that the Cyber Security Coalition published. This will help you with password security, phishing, social engineering, customers’ personal data and safely working from home.
You’ve created the ‘Cyber Security Awareness & Culture Manager’ training programme, a certification by the Cyber Security Coalition. Why did you create this?
There are other certifications for cyber security awareness, but I wanted to create a very pragmatic programme. During the various modules you learn how to manage stakeholders, how to change people’s behaviour and so on, but you also apply this knowledge to your own organisation and build a cyber security awareness plan.
So after getting this certification, people can apply the lessons learnt directly in their own organisation?
Exactly. I’m the trainer of the last module of the programme, and in this session everything is put together. And then there’s a final test, where participants present the cyber security awareness roadmap they prepared for their organisation during the programme. This roadmap is validated by a jury of security awareness experts.
You get the certification, which is supported by the Cyber Security Coalition and the Centre for Cyber Security Belgium (CCB), if you can prove that you understood the methodology and you are able to create a security awareness roadmap.
This roadmap should be realistic. For instance, if you’re working for a small company with a tight budget, it’s not realistic to come up with a big plan with all bells and whistles. The plan should fit your organisation.
So if you get this certification, you return to your organisation with a validated security awareness roadmap, but you have also learned how to create it step by step.
Do you want to know more about security awareness? Discover the full programme and download the application form for the ‘Cyber Security Awareness & Culture Manager’ training.
During the first in-person meeting since the Corona pandemic broke out, the Privacy Focus Group engaged in a lively discussion on the effectiveness and strategic role of the DPO and addressed the question of whether one single person can wear the hat of both CISO and DPO.
Though still very much a work in progress, with no enforcement expected before 2024, organizations would do well to start evaluating the impact of the draft NIS.2 directive proposal on their current security posture. The presentation of Mr. Pieter Byttebier (Centre for Cyber Security Belgium) is a very good start for this exercise.
The GOVERN&LAW experts share the do's and don'ts when setting up a whistleblowing system in your organization and demonstrate how such an effective and robust system can help you self-detect incidents before they become scandals.
In this GDPR anniversary webinar, three privacy experts focus on the challenges they face when assessing and implementing government measures adopted in the fight against COVID-19. The Corona pandemic has raised awareness of the importance of privacy, not only in our private life but also in the employer-employee relationship, and of the need for broader democratic testing of privacy-threatening technologies.