IWC Schaffhausen Builds an Effective Security Culture
- Empower employees to become the strongest link in defending the organization’s data security
- Engage DXC to design, develop and deploy a corporate-wide information security awareness campaign to educate employees about security needs and to enhance employee loyalty
- Accelerated security project completion times by 25-40%
- Increased competitive advantage and employee loyalty
- Generated and expanded internal and external security brand awareness
Cybersecurity is a word we see and hear constantly in the news. After a few security instances back in 2012, IWC Schaffhausen, a luxury Swiss watch manufacturer, set out to improve its security standards. During planning meetings, the new Senior Information Security Manager, Sascha Maier, realized that not all the technical security fixes in the world would be effective without first engaging the hearts and minds of employees.
IWC Schaffhausen protects its business with employee security awareness campaign
The luxury watch business is highly competitive with prices ranging from the low thousands to hundreds of thousands of dollars, depending on the watch vintage and pedigree. Trade secrets are at a premium and ripe for hacking. Understanding that IWC needed security that encompassed its entire employee base, Maier evaluated several major security providers and chose HPE (now DXC Technology).
DXC helps build an effective and long-lasting security culture at IWC
“We gave all the vendors a security use case and asked them to solve the problem,” recalls Maier. “All the vendors, except HPE (now DXC), recommended that we decide on a security tool, send out a standard questionnaire to all employees and then simply retrofit the staff into the new tool. DXC provided a very astute conceptual framework consisting of educating and engaging all disparate employee types with a corporate branding campaign. It was the right approach.
No matter how sophisticated a security technology is, if that technology is not understood and embraced as part of the corporate culture, large security gaps will exist in the system. DXC tailored the IWC security campaign to the needs of each employee target group. The employee target groups included all business units, such as production, engineering, design, reception, trainees, marketing and sales staff. DXC security consultants met with every one of these groups and listened to what they had to say, then set up a corporate awareness team, which still exists today, to help govern the process of rolling out the corporate security brand, called Top Secure. This multi-channel approach ensured that complex IT security technologies and directives were successfully translated into language comprehended by each group.
Instead of imposing a tool and set of security procedures on people who don’t truly understand security, DXC created understanding, personal ownership and company loyalty, resulting in much stronger corporate security. The new Top Secure security awareness campaign and DXC consultants engaged, and continue to engage, IWC employees in several ways. They offer live events, including Live Hacking, to teach how easily a personal computer can be hacked and how to recognize signs of personal hacking on home computers. Other successful DXC methods include meaningful prizes for participation and the ‘lunch & learn,’ which combines security training and fun social interaction with a good lunch.
“Our employee ownership of security, when combined with excellent security tools and procedures, became a well-locked IWC security system, and a true security differentiator for the HPE (now DXC) solution,” says Maier.
The results of an engaging security culture are employees who understand what to protect, why they should protect it and how they can be part of that protection. True success is achieved when the task of supporting information security is embedded in an employee’s everyday behavior at a level of unconscious competence.
“One of the greatest benefits gained from our HPE-designed (now DXC) corporate security campaign is that I can implement new security procedures 25-40% faster. Security is now a universally understood and branded part of the company. The entire workforce accepts and supports security at a much deeper and personal level. Employees proactively approach me from all departments with activity they think might be suspicious.”
*This success story was originally written by HPE Enterprise Services, which is now a part of DXC Technology as of April 2017.