Last night AGL was awarded Cybersecurity Enterprise Employer of the Year at the Australian Information Security Association (AISA) Awards, recognising the work AGL has done to address cybersecurity.
Just three years ago, the AGL Board mandated that we improve the organisation’s cybersecurity and information security, with clear targets to be achieved in two, three and four years.
To accomplish this, we launched AGL's Security Uplift Program (SUP) to ensure our customers and our customers’ data are safe and secure.
For us, we look at cybersecurity as a condition to treat, not a problem to solve.
We decided to tackle the cybersecurity problem through people, process, and technology - rather than taking a compliance approach.
I think we’re far too focused on trying to train people from a technical perspective without considering that it’s really a human-centred problem.
AGL’s approach to cybersecurity is enterprise-wide, focused on creating a cybersecurity mindset across AGL. For example:
- Training staff on how to recognise suspicious emails by regularly educating with phishing training emails.
- Sharing key cybersecurity messages through innovative communication campaigns.
- Using social media, community pages, and a ‘Stay Safe Online’ page on agl.com.au to make people aware of recent scams targeting customers and provide useful resources.
- Uplifting secure coding with collaborative hackathons.
- Promoting safe flexibility by providing tools to secure remote/collaborative working.
Approaching things from a different angle has helped.
We brought people from across the business into our cybersecurity team and retrained them, enabling them to have cyber in their wheelhouse. A lot of these people came with problem-solving and dynamic-thinking skills – we just needed to help them understand the technology.
Our people make us what we are and play a critical role in supporting us on the road to promote the importance of cyber safety to our entire organisation, as well as our customers and the community. That’s the core of how you solve a cybersecurity problem.