Cisco’s cultural revolution puts staff in the front line

Cisco has begun a drive to bolster its defences against hackers by training its 55,000 employees to take personal responsibility for the secure use of the company’s IT systems.

Cisco has begun a drive to bolster its defences against hackers by training its 55,000 employees to take personal responsibility for the secure use of the company’s IT systems.

Within the next year the company plans to put its entire workforce through an online training programme to show them how to keep information secure from computer criminals.

The programme, which encourages staff to take personal responsibility for security rather than leaving it to the IT department, will significantly reduce the risk of information theft, said John Stewart, Cisco’s chief security officer.

“I want everyone to feel empowered and to know what to do. We have about 55,000 employees. If I have 40 people on my security team, that set of 40 people will never be able to protect the company if there are 55,000 others in the company. It is clear we have to make 55,000 security champions,” he said.

The campaign aims to change the culture of the company by recognising that security breaches will happen, and by training staff in how to minimise the risks and respond to breaches when they occur.

The programme teaches staff how to handle information securely, including e-mails containing customer information, sensitive electronic engineering drawings, and the use of communication systems, such as wireless networks.

The company is reinforcing the training with regular reminders, including voicemails and e-mails, as well as podcasts from senior executives responsible for sales and other non-IT parts of the business.

Cisco is also offering rewards to staff who show initiative by nominating them as security champions and offering financial incentives.

The company plans to extend the training programme to its 300 business partners, and is looking at how best to do this.

Stewart said making Cisco’s own best practices in security publicly available to other firms would help to reduce the overall impact of computer crime.

“One of the hardest things to do is to protect two companies that are working together. Each company is trying to protect itself, but there are side doors that people use to go in and out. It is not an easy one to solve,” he said.

Read article: Educating end-users

Comment on this article:

Read more on IT jobs and recruitment

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.