Published by Bruce Rice. Modified over 6 years ago.
1
“Be Secure” – How to implement the 9 key behaviors in your team
Information Protection and Cyber Security INTERNAL
2
Purpose and content of leadership toolkit
Join in and make yourself acquainted with the Leadership Toolkit. Learn more about the objectives of the campaign and the 9 key behaviors. Understand all 9 behaviors “to Be Secure”, communicate and anchor them in your team.
- An electronic Leadership Guide, with information about the campaign and how you can become a role model in 3 pragmatic steps.
- A leaflet for employees, introducing all key behaviors and providing Do’s and Don’ts.
- A slide deck for discussing each secure behavior with your team, with tips on “hidden slides” for you as disciplinary manager on embedding the behaviors in your working day.
Ensure that all of your team members have access to the leaflet for employees – in a printed or electronic version – before presenting the slide deck in your team meeting.
Place the topic “Information Protection and Cyber Security” on the agenda of your regular team meetings and use the slide deck to discuss the 9 key behaviors. The slide deck includes an overview per behavior and a leadership preparation on hidden slides.
3
#1 Join in – your behavior makes the difference
Your behavior is the most important security asset at BASF. You make a huge impact on Information Protection and Cyber Security by joining in to protect our information.
What does this mean for each of us?
- Understand and identify where and how you can apply the key behaviors every day
- Don’t take security lightly by ignoring security measures out of convenience
4
#1 Join in – your behavior makes the difference
Important note: Additional information for you as a leader. This is not part of the presentation.
How can you promote this key behavior in your team?
- Present each key behavior regularly in your team meetings and discuss the behavioral Do’s and Don'ts
- Hang up a poster of the “Be Secure” campaign in your office
- Share the link to the “Be Secure” portal with your team and encourage them to add it to their “Favorites” list
- Integrate secure behavior in your team’s performance cycle (objective setting, appraisals)
- Integrate the Information Protection Minimum Requirements in your team
- Give feedback if your team behaves in a (non-) secure manner
- Motivate your team to complete web based trainings on Information Protection
5
#2 Use strong passwords
Accessing systems with user name and password is usually one of the first things we do each day at work. Select strong passwords, change your passwords regularly and use additional authentication factors.
What does this mean for each of us?
- Create strong passwords in line with company requirements
- Don’t give other people access to your password(s) or other authentication factors
6
#2 Use strong passwords
Important note: Additional information for you as a leader. This is not part of the presentation.
How can you promote this key behavior in your team?
- Inform your team about the password requirements
- Foster the use of strong passwords for systems and applications in your team and establish it in the workplace
- Propose to use a calendar reminder for changing passwords in your team
- Have a look periodically whether your team members lock their IT systems during absence
7
#3 Classify Information
You are handling tons of information at work every day. How can you support others and your systems in handling information securely? Join in by classifying and marking your business information so that it is handled appropriately.
What does this mean for each of us?
- Classify information by using the BASF Protection Classes and handle them accordingly
- Don’t neglect your responsibility to classify information and don’t underestimate your impact in doing so
8
#3 Classify Information
Important note: Additional information for you as a leader. This is not part of the presentation.
How can you promote this key behavior in your team?
- Make sure to classify and mark shared information with your team correctly
- Point out examples with respect to correct and false classification
- Ensure that a classification list for your unit is available and share it in your team (ask your Information Protection Officer for support)
- If necessary introduce your team to the BASF Microsoft Office Wizard
- Present the classification wheel in a team meeting (write to
9
#4 Respect the Need-to-know principle
The Need-to-know principle means only authorized people receive the information they need to perform their tasks. Always consider the Need-to-know principle and be careful when you share business information.
What does this mean for each of us?
- Always consider which information your counterpart requires for his / her job
- Don’t be careless with your information nor with the tools that you use to share them
10
#4 Respect the Need-to-know principle
Important note: Additional information for you as a leader. This is not part of the presentation.
How can you promote this key behavior in your team?
- Explain the Need-to-know principle and the importance of complying with it to your team
- Check access rights (e.g. Teamrooms, Shared Drives etc.) regularly in your area of responsibility (at least once per year)
- Ensure a secure physical and/or virtual environment for meetings
- Discuss the social media policies of BASF with your team
11
#5 Use public web services carefully
Public web services make life easier for us. They let us collaborate in real time and are often free of charge. Only use BASF approved public web services for work purposes and be mindful in what you share online.
What does this mean for each of us?
- Be aware of the BASF authorized web services for file storage, translation or communication
- Don’t use public web services for handling corporate information because you lose control over it
12
#5 Use public web services carefully
Important note: Additional information for you as a leader. This is not part of the presentation.
How can you promote this key behavior in your team?
- Use examples to discuss why certain public web services (e.g. Google Translate) are not allowed to be used at BASF
- Integrate the secure web services at BASF into your and your team’s work routine (e.g. using the BASF SharePoint)
- Be a role model and discourage the use of unsecure public web services if you observe it in your team
- Discuss (if needed with the Information Protection Officer) how social engineers use personal data unintentionally published on the internet and check recent incidents
13
#6 Check received files and hyperlinks before opening
Have you ever received a malicious e-mail that looked official? Scammers can actually be very smart in trying to trick receivers. Look out and check the source, links and files properly to protect from malware or getting scammed.
What does this mean for each of us?
- Handle e-mails and their content cautiously
- Don’t be careless when reviewing and responding to e-mails
14
#6 Check received files and hyperlinks before opening
Important note: Additional information for you as a leader. This is not part of the presentation.
How can you promote this key behavior in your team?
- Share the link of the “Phishing” page on the “Be Secure” portal within your team. Encourage them to read the newsletters and to complete the training.
- Inform your team about how to handle phishing mails properly and provide your team with the checklist for identifying phishing mails
- Discuss phishing incidents that may have happened in your team or at BASF in general. Inform your colleagues or your Information Protection Officer if such e-mails are currently circulating
- Explain to your team how to forward a suspicious e-mail as an attachment to
- Demonstrate how to do it: Simply choose or click on the e-mail and press the key combination Ctrl + Alt + F
Please distribute this link.
15
#7 Only connect authorized devices and use encryption
External devices are frequently used for work purposes. As a result, they are one of the most common ways to attack companies. Don’t connect unknown, non-BASF, found or private devices to the BASF infrastructure. And remember to encrypt sensitive infrastructure.
What does this mean for each of us?
- Only use authorized devices and ensure that sensitive information is encrypted
- Don’t neglect your responsibility to fulfill the security requirements for portable devices
16
#7 Only connect authorized devices and use encryption
Important note: Additional information for you as a leader. This is not part of the presentation.
How can you promote this key behavior in your team?
- Use hardware encrypted USB sticks, if available (e.g. Kingston Traveler)
- Promote the importance of strong passwords for authorized devices in your team
- Remind your team to never leave mobile devices unattended
- Do not charge external devices using your laptop, or your BASF smartphone using external rechargers via USB interface. The power plug is the safest choice!
17
#8 Connect to BASF network when working outside the office
Being outside the office also means being outside of the protected “BASF network environment”. Take additional security measures, such as using the BASF VPN, and always keep an eye on your physical environment.
What does this mean for each of us?
- When working remotely always activate the BASF VPN
- Don’t process business information in an unsecure environment (e.g. a canteen, hotel lobby or airport)
18
#8 Connect to BASF network when working outside the office
Important note: Additional information for you as a leader. This is not part of the presentation.
How can you promote this key behavior in your team?
- Ensure that your whole team can handle the BASF VPN tool by introducing it in a team meeting
- Advise your team to comply with information protection also on journeys and while traveling
19
#9 Get help from IS Service Desk and your local Information Protection Officer
Questions are normal and mistakes can always happen. Speak out and address issues or uncertainty with the IS Service Desk (ISSD) or with your Information Protection Officer (IPO).
What does this mean for you as a role model?
- Get familiar with the services provided by your local IPO and IS Service Desk
- Don’t hesitate to report incidents and queries to the IS Service Desk
20
#9 Get help from IS Service Desk and your local Information Protection Officer
Important note: Additional information for you as a leader. This is not part of the presentation.
How can you promote this key behavior in your team?
- Inform your team of the contact details for your unit-specific Information Protection Officer (IPO) and IS Service Desk
- If applicable, organize a “Meet & Greet” with your local Information Protection Officer
- Actively take part in and promote events that are organized by your local Information Protection Officer and keep your team up-to-date
- Discuss the different roles and services of the Information Protection Officer and the IS Service Desk (who should be approached when?)
21
The “Be Secure” portal forms the solid digital foundation of the IPCS awareness campaign
- The Global “Be Secure” portal (be-secure.basf.net) went live in May 2015
- Joint Project between the two competence centers GU and GS
- It is the global communication platform for the behavioral change campaign and beyond
- It illustrates 9 key behaviors for users to securely handle their jobs in 7 languages
- Highlights current specific topics (Phishing, IPO Spotlight)
22
Each key behavior page follows a 3-step communication approach
1. Animated videos, introducing the behavior and its context and creating attention
2. Infographics, communicating the Dos and Don’ts to users
3. FAQ, explaining the details and giving step-by-step guidance
23
Information Protection and Cyber Security concerns everybody at BASF
Information Protection and Cyber Security concerns everybody at BASF! Help us to spread the message of Be Secure…