FundSERV Quarterly - Security awareness a strategic goal at FundSERV

FundSERV Inc.
Volume 7, Number 2, July 2007

Prepare. Protect. Prevent: Security awareness a strategic

goal at FundSERV

What to watch for on the web

FundSERV testing new portal for working groups

High levels of customer satisfaction continue

FundSERV Network Performance

All articles

By Marie Sawa

At some time or another, it's probably happened to all of us. You're surfing the web; you click on a link, and then BAM — pop-up after pop-up after pop-up. And even when you think you're in the clear, after racing to close those annoying pop-up windows, the chances are pretty good that your computer has been infected with spyware.

Avoiding this type of scenario was

one of many topics covered during FundSERV's first Security Awareness Week, held April 10th - 13th in Toronto and May 3rd - 4th at the Company's remote twin office. Coordinated by FundSERV security analyst Don Singh, the aim of Security Awareness Week was to ensure that all employees develop a basic level of security knowledge.

"We identified company-wide security awareness as a strategic goal of the department this year," says Amir Jafri, vice-president of technology. "We wanted to give everyone, at every level in the company, a baseline on various aspects of security that affect their lives here at FundSERV and at home."

One of the presenters was security expert Craig McGuffin, of C.R. McGuffin Consulting Services, a twenty-year veteran in the field of computer technology, network controls and security. McGuffin enlightened participants with examples of the way some criminals use computers as their weapons.

The general computing safety session taught employees about the dangers of malicious software, or malware. Malware is designed to appear useful or legitimate but actually executes some malicious action instead. Spyware, for example, is a type of malware. It's a software that performs certain behaviors, such as advertising, collecting personal information, or changing the configuration of your computer. In addition to spyware, session participants learned about the forms of malware commonly used in today's computing environment, such as adware, worms, trojans, rootkits, phishing and pharming. More importantly, though, they learned how to protect their computer against such attacks. "It would seem that the biggest problem in IT security is the users, but it isn't just the users, there is a lack of monitoring," says McGuffin. "To help promote security awareness, IT staff needs to advocate security to users and demonstrate commitment to it through systems and practices."

The environmental security session brought out the competitive side of FundSERV's employees. After learning about the elements and types of fires, employees were taught how to use a fire extinguisher. They then competed in a fire simulation challenge, extinguishing a virtual fire as quickly as possible in two test situations. Brad Bragg, technical support/UAT analyst, posted the top combined time of 6.4 seconds, followed closely by Geoff Fox, senior manager of project and portfolio management, with a combined time of 9.0 seconds.

Security Awareness week is now scheduled to be a semi-annual event. "We want to ensure the education we give our employees about security is in line with the best practices of the industry," says Jafri. "Making this a semi-annual event will allow us to keep our employees up-to-date."