Dive Brief:
-
Uber has been working to make employees more vigilant about security through a company-wide security awareness and education program, according to a ZDNet report.
-
Executive support of has helped the program succeed, according to Samantha Davison, security awareness and education program manager at Uber.
-
Because most of its employees are millennials, Davison also focused on gamification and incentives to encourage participation.
Dive Insight:
Because it was a startup, Uber had the opportunity to start building good security into the corporate culture from the beginning, said Davison, speaking at Infosecurity Europe conference in London. But it’s also about making security a core part of the company’s mission.
"With my program, working with the security team to build a larger security program, it gives me the opportunity to bake security into our culture," Davison said. "We're really big on mission statements at Uber and the mission statement for my team is to make security as instinctive as breathing for all our employees, so they automatically know what to do."
A number of recent studies indicate that employees are indeed the weak link when it comes to enterprise cybersecurity. "Most loss of sensitive data is caused by employees using insecure means to transmit data—whether the leak was intentional or not," said John Lane, Chief Information Security Officer at Biscom.
Millennial employees have a reputation of not caring enough about security. Recent research from SecureAuth found 54% of millennials said they would rather improve their Internet speed than their personal online security. To address that, Davison said she makes sure to include an element of fun in her program.
"In engaging the millennial demographic, Uber focuses on a lot of gamification, competition, sorting people into teams to help them drive each other to participate more, then giving them rewards, incentives and recognition for participation in the program," Davison said.