How Delivery Hero works towards a Security Culture
Hybrid working and the new normal are here to stay. After months of remote working, the behaviors we strived to establish in the workplace perhaps disappeared. With our environment changing so fast, it’s pretty challenging for security professionals to build and maintain a positive security culture.
What do we mean by security culture?
Security culture is how an organization manages security towards people, processes, and technology. We, the users, are at the heart of security. The impact we have on the security posture of the company is enormous. However, adopting a security culture may be difficult without the appropriate processes and technologies.
In a positive security culture, we are aware of the potential problems and the risks, and we are accountable for our actions. Changing bad security habits for good ones is easier when we understand risky behaviors. Unfortunately, change doesn’t happen overnight, and we cannot automate it. Instead, we need to focus on continuous improvements in our processes over time.
How do we empower our teams at Delivery Hero?
Creating a security culture goes beyond just rolling out an annual e-learning module training. It works to maintain compliance, which is extremely important and gives our users the basic security knowledge they need to work, but mandatory training as the only approach towards security does not enable the security culture.
Security awareness plays a fundamental role in helping us to develop a positive security culture. Good security habits are easier to build when we give our users personal and impactful security practices that do not just end when they leave the office or turn off their work computers.
How are we growing our Security Awareness Program?
There is no one-size-fits-all Security Awareness program. Each company needs to tailor the plans to their organization and culture. Although we believe that using less traditional approaches to training can help us leverage the Security Culture, we are continually trying to find ways to support our program, and creativity plays a significant role in it. Also, an essential part of the process is to have measurable initiatives to help us to determine whether the approach was helpful or not.
With fewer in-person meetings, planning gets a little tricky, but simple initiatives are our best card to play:
- Phishing awareness campaigns: providing our users with the tools to understand what phishing looks like and how to report malicious emails.
- Digital content: delivering impactful messages using videos, infographics, posts, and making the most of our communication tools.
- Security training sessions for our engineers: aimed to disseminate application security content.
- As part of the activities for Cybersecurity Awareness Month, we hosted a new edition of a Virtual scavenger hunt, open to everyone in the company.
Recently, we launched a Secure Code Tournament with some of our engineers. We aim to identify ‘Security Champions’ amongst our developers, give them an overview of their secure coding strengths and most importantly, make learning about secure coding a fun, engaging, and interactive experience.
What is in the future for our Security Culture?
We will work on more approaches like the Security Champions Program to get help from other teams to engage in our security initiatives. Gamification will play a significant role in our program as well. Hopefully, it will help us leverage security and increase engagement in our Security Culture. As we keep growing, our team keeps focusing on improving our Security Culture and increasing the security ownership throughout the company, which will help us to ensure that the security of our customers and heroes is at the heart of everything we do.
If you like what you read and you’re someone who wants to work on open, interesting projects in a caring environment. We’re on the lookout for CyberArk Engineers, Senior Security Engineers | Digital Forensics, Senior Security Engineers | Fintech. Check out our full list of open roles here – from Backend to Frontend and everything in between. We’d love to have you on board for an amazing journey ahead.