We take cybersecurity seriously here at WillowTree. Whether our goal is to protect our company, our employees, our clients, or the users of the applications we develop we must understand the risks, threats, and vulnerabilities we face. With this understanding we can make safer decisions and help prevent the next major security incident.
As a member of the security team at WillowTree, it is my responsibility to think about risks, threats, and vulnerabilities and help others make secure decisions. It’s not possible to participate in every conversation, nor would we want to, and that’s one reason it's so important to teach others to think in this way on their own. Rather than creating checklists or policies that every application or individual must abide by, we aim to teach the principles of cybersecurity so everyone can better deal with the unfamiliar situations they will inevitably encounter.
Over the last several years, we have worked hard to foster a strong security culture at WillowTree to ensure fewer decisions are made without considering the cybersecurity implications first. We provide education and courses about cybersecurity every chance we get. We participate in conversations with project managers, directors, developers, test engineers, and anyone who will listen, asking “What could go wrong?”. And we’ve seen this question asked in conversations we are not a part of. This is how we know we’ve been making an impact.
One such course is our Security Champions, or as we call it, SecuriTree course; we have a love for tree related names, if you couldn’t guess by our name. This course is a prerequisite for becoming an official SecuriTree within our organization. It is intended to give an in-depth view of the security goals of the company and an overview of the tools and practices we have in place to meet those goals. As a SecuriTree, it is part of their job to report things that are not in line with the practices they learned in the course.
Annually, we provide the company with dedicated Security Awareness training. This training touches on the foundations of security and current threats to keep an eye out for. The protagonist of these trainings, Sparrow, has become a common meme throughout the organization. When your entire company is making fun of a character from your Security Awareness Training, you know you have a pretty good security culture!
On top of this training, we also want to ensure our employees are prepared to handle social engineering attacks, especially phishing and smishing. Every month we send out test phishing campaigns to keep everyone on their toes and vigilant about this type of attack.
We can’t forget about new employees! A portion of every new employee's onboarding is dedicated to security training. We want to ensure that our employees are following security best practices from their very first day. We also don’t want to surprise them if they receive notifications about a security issue on their machine or in the application they are developing.
This year we are proud to support Cyber Security Awareness Month! Every October, staysafeonline.org provides information, education, and content to spread awareness of cybersecurity. As a Cybersecurity Awareness Month Champion, WillowTree will spread awareness amongst our company, partners, and friends to make the world a safer place.