1 minute read
CYBER SECURITY TRAINING
WSC’s Information Technology (IT) Department is dedicated to cyber security and business continuity. In 2019, an Information Security team was created to improve our security posture and execute yearly strategic security roadmaps, updated annually; by doing so, this maintains and strengthens our company’s ability to protect company and client data. The team conducts an annual comprehensive security assessment in tandem with monthly vulnerability scans and remediates identified issues. Our SIEM platform, AlienVault, monitored 24/7/365 by ProCircular, is utilized to help improve our detection and prevention of attacks on our company’s equipment year-round.
A security awareness program was launched in May of 2020. Employees undergo training to spot ‘phishing’ scams and other malicious emails or attacks. These fraudulent requests are sophisticated and can use known company contacts to lure others into sending funds to illegitimate recipients or compromise confidential data and information. On a monthly basis, employees are tested internally and if the employee fails, they are required to go through additional training, and in some cases meet with human resources (HR) and IT for performance improvement. As scams are ever-changing, training and tips are provided to arm our employees with the knowledge to be a digital Brother’s and Sister’s Keeper and ensure we protect our family of companies and their employees.
Highlights
- Conducted a tabletop exercise to prepare for any security emergency
- Rolled out BitWarden password manager
- Weekly trivia during Cyber Security Awareness Month in October
- Deployed the KnowBe4 learner app to all company mobile devices
- Made improvements to our security posture with our vCISO project and extended through 2025
49.25
In 2023, WSC will continue to implement tools and training for increased company preparedness and due diligence against increasing cyber security risk.
19
Safety Goals
Cyber Security: In 2022, Sustainable Environmental Consultants will undergo proactive security measures with a 3rd party audit.
Cyber Security Training: Ensure company participation improvements by 5% of additional security awareness training.
Safety: Continue with zero safety incidents.
Cyber Security Training: Ensure company participation and improvement by 5% of additional security awareness training.
Cyber Security: Stay at or below a low-risk measure for all future app scans after 2022 remediation.
Cyber Security: In 2023, Sustainable Environmental Consultants will maintain a lowrisk level on their web app for EcoProducer.
Cyber Security: Work towards SOC II certification by 2025.
Cyber Security Training: Continue to hold company participation and improvement by 5% or 200 hours of additional security awareness training in 2023.
