Moving to more flexible remote work policies has caused telecommunications giant Vodafone to rethink cybersecurity and the potential friction to users. Instead of relying on physical security controls in the agency, the company has embraced a Zero Trust strategy that requires authenticating everyone before granting access. I hosted Emma Smith on a recent episode of Security Unlocked: CISO Series with Bret Arsenault to talk about Vodafone’s cybersecurity approach and the importance of workplace inclusion.
The importance of employee inclusion and safety
When employees don’t feel included, they’re not going to do their best work, according to Emma, who is Vodafone’s Global Cybersecurity Director. She believes it’s up to managers, supervisors, and global security administrators to create a workplace where everyone feels heard.
Emma recalls attending her first industry event after taking over as Chief Information Security Officer at Royal Bank of Scotland in 2011. She was one of merely six females out of 120 people in the room. That experience constructed her personally aware of how important it is to feel included and she said workplace inclusion is a subject she comprises close to her nerve. Vodafone focuses on diversity and inclusion and on how to hire, retain, and progress people of different backgrounds, ethnicities, genders, and ages.
Besides looking out for employees on the issue of inclusion, companies should protect them from security threats. One consistent cybersecurity message from employees–as well as from customers and security teams–is that passwords are exceedingly frustrating, according to Emma. Because of people’s strong opinions on passwords, Vodafone has been participating in a mission to remove them from the local environment exclusively and instead use secure, simple multifactor authentication. It’s an objective that likewise comes from knowing there’s one group that desires passwords: cybercriminals. Switching to multifactor authentication can help remove them from the equation by eliminating a favorite behavior to sneak into a network.
To fight cyber threats, it’s important that threat intelligence teams collaborate with colleagues from different companies to share information on menaces and prevention strategies. Fighting as one security community is far more powerful than trying to do it on our own, Emma explains.
During our conversation, Emma likewise shared her beliefs on the benefits of cloud and secure developer procedures( DevSecOps) in cybersecurity and offered four cybersecurity strategies that security practitioners is expected to adopt immediately to secure employees, data, and devices. One of them? Don’t get so distracted by new and shiny cybersecurity techniques that you forget security basics. To hear details of this strategy and learn about the other three strategies, listen to Leading an Inclusive Workforce on The CyberWire.
Emma Smith is Global Cybersecurity Director at Vodafone. She began her job in auditing. She worked for two years at Royal Bank of Scotland as Head of Internal Audit, Technology, before taking roles at the bank as Head of Group Information Security, Records and Payments Security, Chief Information Security Officer, and Director of Security and Resilience.
Bret Arsenault bio
Bret Arsenault is Corporate and Chief Information Security Officer at Microsoft, where he’s responsible for enterprise-wide information security, conformity, and business continuity efforts. He has more than 25 years of cybersecurity experience. He is Chairman of Microsoft’s Information Risk Management Council and hosts Microsoft’s Security Council.
In this podcast series, I talk with cybersecurity peers and Microsoft leaders about today’s biggest challenges in cybersecurity and practical guidance for security practitioners. To learn more, visit our website. In the meantime, bookmark the Security blog to keep up with our coverage on security matters. Also, follow us at @MSFTSecurity for the most recent developments and updates on cybersecurity.
Apple Podcasts, Google Podcasts, Amazon Music, and Spotify. You are also welcome to download the episode by clicking the episode website link. CISO Spotlight page: Listen alongside our CISO Spotlight episodes, where customers and security experts discuss similar topics, such as building a security team and securing hybrid work.
The post How Vodafone Global Security Director creates an inclusive and secure workplace appeared first on Microsoft Security Blog.