Cyber-attacks have become more complex and sophisticated than ever. Even with state-of-the-art tools in its arsenal, a company’s technological defense will only take it so far. In order to keep pace with evolving cyber threats, employee and executive cyber security awareness is critical. 

Employees play a vital role in securing an organization’s information assets. A 2016 study of small and medium-sized businesses conducted by Ponemon Institute found that 41% of SMBs were impacted by data breaches that resulted from negligent employees, third-parties, and contractors.

For John Whiting, Global Chief Security Officer at DDB Worldwide, one of the world’s largest and most influential advertising and marketing networks, raising the cyber consciousness of the enterprise is paramount.

“We follow-up training videos with a lot of awareness,” said Whiting. This includes publishing cyber updates in company newsletters, sharing threat information via internal social media channels, and by imparting cyber education through other mediums.

Cyber awareness doesn’t stop with employees. This year, Whiting and his team have developed 50 customized training videos on how data should be managed and secured, 35 of which are specifically geared for senior management. The video series includes a 3-minute video from DDB CEO Charles E. Brymer stressing the importance for DDB employees to follow sound security practices. 

Protecting clients and consumers

Whiting also incorporates DDB’s cyber security policies into each of the contracts the advertising giant crafts with its clients. “I negotiate the contracts from a security advertising privacy point of view,” said Whiting. “Once the contracts are completed and the client’s security team contacts us for an assessment, we make sure we set the scope accordingly to the risk and the services that are being provided.” 

From there, the teams reach agreement on a procedural approach for executing on the action plan. This includes steps to protect consumer privacy, such as the data that’s being captured and whether it’s public information or personally identifiable information and whether individual consumers have provided consent for using this information.

“We make sure both teams are on the same playing field,” said Whiting.