NWO-I starts an awareness campaign about information security, privacy and knowledge security
Handling knowledge and information with greater care
NWO-I houses a lot of important knowledge and information that everybody should deal with carefully. The organisation needs to be on the lookout for phishing emails (false emails from criminals that lure you to scam websites) and possible hacking attempts. Therefore an awareness campaign has started within the organisation to positively change the behaviour of all NWO-I employees with regard to information security, privacy, and knowledge security. This must lead to greater information security for the organisation.
Security-aware critical thinkers
In the spring of 2020, NWO was hacked. Many colleagues can still remember this event well. Work at NWO-D and the NWO-I office was partially suspended and all computer systems - including personal work laptops - were examined and made secure again. NWO responded as well as possible and the associated effect was that employees became even more aware than before of the dangers of unwanted intruders. However, experience has shown that the alertness of employees often subsides again after a while. And on top of that, new colleagues who did not experience the hack have now joined the organisation. Bas Beltman from the NWO-I office is the project leader of this campaign. He explains that information security is about more than the extreme example of the hack: ‘How do you deal with job applicants from countries that are known to be unsafe in this area? Which knowledge do you share at congresses in other countries? Is it safe to log in to the network of a hotel? A case in point is NWO-I Institute ARCNL, which works together with ASML, the world leader in the production of chip machines. In such circumstances, you need to be extremely aware of how you handle knowledge and you are obliged to optimally secure this.’
Putting on your seatbelt
At the end of last year, the NWO-I office and institutes jointly started a programme to make employees 'security-aware, critical thinkers who can deploy their knowledge in new and changing situations and thus actively contribute to protecting their institute or the NWO-I office'.
"Awareness is the starting point for effective behavioural change", says Beltman. NWO-I has engaged the company Awareways, a specialist in the area of security and privacy awareness programmes, to develop a tailor-made programme for NWO-I in collaboration with a project and steering group (experts from disciplines and institute managers). According to Awareways, working securely and consciously should be just as normal as putting on your seatbelt when you get into a car.
Launching of the campaign
What will the security and privacy awareness campaign at NWO-I look like? The well-prepared campaign started with baseline measurements at all NWO institutes and the NWO-I office. This included the sending of a questionnaire and phishing emails. Awareways investigated how often employees clicked on these phishing emails. Based on the questionnaire, they determined the level of awareness among employees about knowledge security, privacy and cyber security.
A learning platform will soon be made available with various e-learning modules. Such a module consists of an introductory text with a number of multiple-choice questions. For each answer, there is an explanation about why it is right or wrong. Finally, at the end of the module, there is a short concluding test. The aim of these e-learning modules is to train employees in how they should react if they are confronted with information security risks. Beltman says that each of these e-learning modules requires about 30 to 40 minutes of an employee's time. They are not mandatory, but NWO-I will explicitly invite its employees to complete the modules. The invitations for this will be sent out shortly.
Parallel to these e-learning modules, NWO-I will use (digital) posters to inform employees about the reasons and necessity for working securely. The posters will also serve as a reminder to participate in the e-learning modules. A team of colleagues from the institutes and the NWO-I office jointly designed the communication materials to ensure that everybody in the very diverse target group is reached. Information security, privacy and knowledge security will also be given a prominent position on the NWO-I website.
After these e-learning modules, a new measurement will be conducted among employees before the summer. Together with Awareways, NWO-I will also offer sessions in which the world of hacking will be made tangible. Once greater awareness has been created among employees, the next step will be to retain this level of awareness. "That will be achieved by regularly putting the subject on the agenda", says Beltman.
Text: Anita van Stel
Newsletter Inside NWO-I, March 2023
You can find the archive of the newsletter Inside NWO-I on the NWO-I website.