Computing and Commerce Association

View Original

SEEKing Prevention of Cyber Attacks

SEEK has an ever-growing multinational presence as a market leader in online employment. In recent years, there has been a shift towards remote work arrangements which cyber criminals have continually threatened to exploit. This is why SEEK is significantly investing in cybersecurity across people, processes and technology.

Security Awareness

SEEK engages in the management of cybersecurity risks from the frontline. They employ an ‘Information Security Policy’ which applies to all employees, contractors and consultants who use its systems and have access to its data. This policy provides details on how SEEK approaches information security. Through this, SEEK sets out the roles and responsibilities of its users with emphasis on which steps are taken in relation to physical security, device and system access and use, password confirmation and confidentiality.

Furthermore, SEEK requires all employees and long-term contractors to undertake security onboarding. Through this program those most vulnerable to accidental divulsion of data have increased security awareness. Other initiatives SEEK undertakes include:

●      Phishing tests - where simulated targeting of SEEK users are conducted monthly in order to build alertness to possible real-world attacks.

●      A security scorecard - in which a personalised report linked to each individuals’ cyber safety performance is produced on a monthly basis.

●      A password manager - this eliminates poor password habits at work and outside work through the use of a corporate password manager.

Security Programs

SEEK endeavours to be a leading example in mitigation of cyber risks.

In order to ensure this goal is achieved, SEEK performs rigorous testing, internally and externally, using adversary simulations and practising cyber defence to build capability. The security team routinely assesses the current cybersecurity threats by investigating incidents and breaches occurring in other organisations.

SEEK engages in mock incidents in order to plan and rehearse their incident response management. These trials are conducted based on current and emerging threats. Their cybersecurity control is monitored in accordance with SEEK’s Risk Management Framework.

Cybersecurity governance

SEEK’s Cybersecurity Forum, including the CEO, Managing Director Technology, Chief Information Security Officer and Chief Risk Officer convene regularly to assess cyber controls, any emerging risks and the readiness of its organisation.

Cybersecurity is one of SEEK’s key risks and the boards’ audit and risk management committee which is responsible for the review of cybersecurity is regularly briefed on risks and how to mitigate them.