In our digitised society, where we spend more time online than offline, an advanced kind of lawlessness has developed. Cyber criminality has come to a level where it is best to assume that you will be a target and start with precautions from an early stage. Schibsted, home of digital brands all over Europe, is working hard to protect sensitive information and dismantle attacks before they happen.
October is not only known for breast cancer awareness and Halloween, but also the EU and U.S. established the month of cyber security. The concept of highlighting the importance of strong data protection is something that Schibsted has adopted through all company levels.
“Cyber security is a broad term, but what it means is that we need to protect our digital assets because without those, we have no business. For a large company like Schibsted, with many journalists handling source-protected information, protecting our data is of utmost importance. That is why we have gone full swing introducing a whole Cyber Security Month in October,” Knarik Avetisyan, Security Awareness & Compliance Specialist at Schibsted, says.
Equally important for all employees
This past October was the third annual Cyber Security Month at Schibsted. During the four weeks, every employee – from journalists and photographers to data specialists and developers – was invited to participate in seminars, lectures and workshops about security. Events that have attracted a large audience in all countries where Schibsted has offices.
“During the pandemic, the events were all online. Because we are a digital brands company, we had the right infrastructure to support that setup. This year, we tried a hybrid arrangement, where some workshops were held live. For example, we did a lock-picking workshop, which was very popular. It showed that it’s important not to forget about physical security as we talk more and more about our digital security,” Knarik says.
“Hack me if you can”
The event that drew considerable interest was titled “Hack me if you can”. The event, inspired by the well-known Leonardo DiCaprio swindler movie, let the participants take on the role of a hacker trying to find weaknesses in a few dedicated internal domains.
“We gave the participants a two-week time frame and basic guidelines not to break anything or put us out of business. Using ethical hackers, or bug bounty programs, is common within cyber security, but doing it internally was a fun experience that has never been done before. We crowned three winners, whose findings we could recreate and use to strengthen our security,” Knarik says.
Making it easy for the employees
One big challenge being a large company consisting of many different brands across several countries is to align the security. With more developed digital infrastructures, hackers get more sophisticated in their attacks. They find and penetrate any weak spots they can.
“Our Data Security team runs a large security program which includes training employees in technical solutions. The human factor is a soft spot in cyber security. There is a common cognitive bias to feel that hackers would not be interested in me and my information. That false sense of optimism can lead to us being uncareful online, which can have immense negative consequences – both personal and professional. By standardising and implementing security services through all the Schibsted brands and employee levels, we strengthen ourselves and minimise the effects of cyber attacks. We are all possible targets, and having a healthy level of paranoia keeps us on our toes,” Knarik says.
Knarik’s three easy steps to a more data-secure life:
- Use multifactor authentication (MFA) on your accounts. The best MFA options are using your fingerprint reader or facial recognition on your smartphone or laptop. By using those MFA methods, you can make your accounts un-phishable.
- Do not save your passwords in your browser. Instead, use a password manager to keep track of all your accounts and to generate new passwords. And remember, all passwords should be unique.
- Update your devices straight away when prompted to. Hackers can exploit vulnerabilities in previous updates. By keeping your devices and software up to date with security updates, your data will be safe.
Are you curious to know what life at Schibsted is all about? Click here!