Employee Education on Cybersecurity in Times of Home Office

As a worldwide leading Professional Conference Organiser (PCO) and Association Management Company (AMC), Kenes Group handles a large amount of data; this could be personal information from association members or congress delegates as well as internal documents that need to be exchanged with care. The company’s IT department oversees the data protection and cybersecurity compliance required for the successful operations of the organisation. 

Author: Estefanía Zárate Angarita - Marcom Director at Kenes Group

Security starts from within

The IT team at Kenes Group is constantly delivering information security educational sessions to employees worldwide to raise awareness and educate personnel about the importance of protecting the company’s data and how to do so.

These sessions cover topics such as impersonation and how to identify fake emails, theft of login details, malicious software (malware) and, more specifically, ransomware, which increased greatly during the COVID pandemic with the increase in working from home.

Benny Barak, DevOps Manager at Kenes Group who leads these sessions, explains that “ransomware encrypts the company files and in exchange for them requests a cryptocurrency transfer that can amount up to USD 100m; in 70% of the cases, files are not sent back even after the payment has been made”. This is considered the biggest cyber threat to any organisation today.

In addition to the educational sessions, it is also a must for all employees to use multifactor authentication (MFA), to notify the IT team of any suspicious activity, and to back up all files in the different cloud services that the company has set up.

Protecting partners, protecting data

As part of the efforts to build and sustain trust from association partners, Kenes Group has well-established procedures for data protection that are in line with the company’s overall best-in-breed approach to software development. This means that the IT experts are constantly analysing and reviewing the market to acquire, implement and integrate the best software available, in this case, to manage their information.

Furthermore, Kenes Group implements measures for data disclosure, data segregation and data storage control such as:

• Compulsory use of a wholly owned private network for all data transfers;
• VPN encryption for remote access, transport, and communication of personal data;
• Prohibition on the use of portable devices for data transfer;
• Creation of a chronological log of all personal data transfers;
• Restricted access to personal data stored for different purposes, according to the functions performed by the personnel;
• Logical segregation between IT systems and those of the other data controllers, processors, or customers;
• Segregation of IT production and testing environments;
• Pseudonymisation of personal data;
• Segregation of special categories of personal data from identifying/contact data, and segregated data storage;
• SSO, SSL encryption, backup, and disaster recovery measures;
• Periodic penetration testing.

According to Uzi Drori, CIO at Kenes Group, “we have a strong focus on cybersecurity these days, considering that a lot of our employees worldwide work from home most of the time and we have less control over the used networks, for example. Our IT team is permanently developing ways of ensuring that our information and that of our partners is in the best hands, which are those of a well-educated company regarding data protection.”

Key takeaways to protect your organisation’s data

As you might also be working from home and facing similar cybersecurity risks at your company or association, here are some learnings that you can implement to protect your information:

• Set up multifactor authentication for all your software;
• Don’t open attachments from an unknown source;
• Ensure that your antivirus is always up to date;
• Back up your files in a secured cloud platform.

Alongside implementing the measures mentioned above, and others recommended by your IT experts, consider the educational aspect to be the number one strength of your cybersecurity strategy. Every member of your team is not necessarily aware of the risks, so make sure that you provide up-to-date knowledge for them to take an active part in the protection of your data.