More Information Security in the Workday Routine - Bertelsmann SE & Co. KGaA

Information about the international media enterprise and it's corporate divisions RTL Group, Penguin Random House, Gruner + Jahr, Arvato; detailed information for journalists in the Bertelsmann SE & Co. KGaA's Press Center as well as everything about Corporate Responsibility activities at Bertelsmann.

Gütersloh, 06/08/2016

More Information Security in the Workday Routine

Mario Scherer (ZP, Corporate HR Strategy & Systems), Mark Kellermeier (Z-CIT, Corporate IT Governance), Danika Bärtling (Z-CIT, Corporate IT Governance), Martina Hecker (ZY, Bertelsmann University) (f. l.)

Subject: Media & Services
Country: Germany
Category: Project

From unpublished financial figures to customer data and reports broadcast on TV, information and data – "digital assets" – are of essential importance to Bertelsmann, assets that need to be protected against unauthorized access. In the digital age dealing with digital assets in the workplace is associated not only with new opportunities, but also with challenges. In addition to sophisticated, constantly updated security technology in networks and on the computers, it is necessary that users, i.e. the company’s employees, are aware of the sensitivity of the digital information they handle every day – and of how they are to handle it. For this reason, the Corporate Information Technology department at the Bertelsmann Corporate Center has developed an online-based "Security Awareness Training" program.

"In addition to the risk arising from the further increase and professionalization of cyber-attacks, it is often the little, involuntary mistakes in handling information and IT systems that can result in the loss of confidential information," explains Mark Kellermeier, Director Corporate IT & IT Governance at Bertelsmann. As part of the Bertelsmann Information Security Management System  (ISMS), we regularly record the risks in connection with our digital assets. "Nearly every unit in the Group has identified security awareness as one of the top security issues," adds Kellermeier. Based on this feedback, the cross-divisional Bertelsmann Information Security Board, the Group’s unit in charge of information security for all the divisions, tackled the topic and adopted a corresponding program, whose first part is computer-based training.

Tutorial is just the first step

"Of course we realize that changes in the daily handling of sensitive information can’t be achieved by a 20-minute tutorial alone, so our Security Awareness Training is only the first step in the right direction," says Kellermeier. That is why, he says, there will be further specific tutorials for individual target groups that are increasingly becoming a target for cybercriminals and their devious attacks, such as – more technical training – for administrators, and – more application-based training – for accounting staff who are authorized to make payment orders.

"The right tone and presentation format are the key to success in making rather dry content like information security accessible – we hope we’ve succeeded in doing so with this tutorial," says Kellermeier. He points out that individual training has already been carried out at a series of Bertelsmann companies. For example, RTL Netherlands informed staff about the subject through intranet articles, lectures and posters during a "Security Awareness Week".