Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Welcome to the new look Community! We're still upgrading and making some changes to the platform over the coming weeks! Stay tuned.

Why security is about people - maintaining customer trust through staff education

Retired Employee AndrewStephanou
Retired Employee
0 0 3,225

Getting more leads from your website, more downloads from your smartphone apps and more social media interaction with customers?


That’s great, but as digital technologies become more entrenched in your business, it becomes even more vital to protect your data. It’s a question of trust – can your customers trust your organisation with their personal information?


Losing consumer trust due to a security breach can lead to immediate loss of business – and that trust can be difficult to regain. And if that’s not enough cause to justify investing in cutting-edge, enterprise-grade security, see our previous blog post ‘Four reasons why you may need to re-evaluate your enterprise security’.


Security strategy

Being a major telco, security has always been a top priority for Optus, but to maintain our customers’ trust we’re continually adapting and refining our security tools and processes.


A detailed information security strategy is critical to guide the evolutionary process, and Optus’ strategy focuses on:


  • continuing to improve our early detection and incident response capabilities
  • fostering a security-aware culture by regularly educating our staff and our customers
  • optimising our internal processes, such as user and access management
  • building resilience into our infrastructure with regular reviews, testing and independent audits.


Protecting the weakest link

Of course, technology solutions are still important for blocking many threats, but sophisticated attacks such as advanced persistent threats (APTs) often target the weakest link in an enterprise – its people.


Information security is now a social issue just as much as a technical one. Everyone in the organisation needs to do their part. Enterprises need to remain vigilant with regular education programs for employees and, where appropriate, customers.


Even traditionally security-conscious enterprises like telcos need to continually promote good security practices and educate users about new threats and vulnerabilities such as Heartbleed. This highly publicised bug in a popular web encryption technology potentially compromised user data on millions of e-commerce and transaction-based websites.


For this reason, we need to continually redefine our employees’ perceptions of just what the latest security threats can do. We need their buy-in so we can protect our most valuable assets – our customers’ data and their trust.


For more insights into building and maintaining carrier-grade security, see our paper 'A question of trust'.

Tags (2)
About the Author
Andrew joined Alphawest in 2010 as the National Security Practice Manager and more recently appointed to the role of Director of Security Centre of Excellence in Optus Business with responsibility for strategy and delivery of Security Services. Andrew has worked in the ICT industry his entire career and has held various roles within network integration organisations - focusing on areas such as ICT and information security, enterprise risk management, IT governance and compliance.