The way we live, bank and work continue to change and we must address the magnitude of the disruptions before us. With Future of Work, Workforce & Workplace (F3W) in place, we all start to embrace new rituals and behaviours and move to remote working / hybrid work environments. Living in this F3W age, our work lives, personal lives and finances have been transforming and this makes us more vulnerable than ever to malicious attacks or fraud. Cybersecurity is becoming more and more important to ensure the assets and data of both the bank and our customers stay safe.
How can we upskill the colleagues about cybersecurity in an interactive & fun way? We chatted with Thomas Chan of Technology & Operations (T&O) - Cyber Security Engineer-IT Security, who shared with us how he and his team created an attractive Cyber Fitness programme to strengthen the bank’s cybersecurity resilience.
“I studied engineering in the university and pursued my career in the IT field. Working in the engineering industry, we aim to develop various technical solutions in a quicker way so to free us time to work on other tasks. As technology evolves, I find that data security becomes more and more important for all kinds of industry especially in the digital era. I wanted to focus on cybersecurity field,” said Thomas.
“I came across an opportunity in DBS for cybersecurity around two years back. When I first joined the bank, it’s really an eye-opening experience for me,” mentioned Thomas. “DBS is not just a bank - it’s a technology company providing financial services. The bank’s culture is very unique. Traditionally, the way to secure data is to embed measures which may complicate the processes just like adding ‘locks’ to control day-to-day operations. Yet, this may set hurdles in workflow and create unpleasant employee experience while making business more difficult. In DBS, we are encouraged to come up with innovative initiatives and solutions in cybersecurity area so that we can do business in a secured approach without putting up obstacles. We aim to strike the balance between doing business in a safe way and taking technological advancement into consideration. For this, we get full support from senior management and our colleagues. ”
“I am deeply impressed by the way we work in DBS. Working in the cybersecurity team, I am involved in coming up with the strategic plan and work out solutions to mitigate cybersecurity risk. Taking staff’s cybersecurity awareness as an example, we are all encouraged to brainstorm and co-create new ideas. Instead of having traditional class-room training which only feeds cybersecurity information one-way to the audience, we keep up with the “I = Innovative” spirit of our PRIDE! values, to challenge status quo and eventually come up with the new idea to engage our colleagues on cybersecurity in an interactive way. We launched Cyber Fitness Programme (#CYBRFIT) which leveraged on a gamified platform that comprises with trainings, webinars, and bite-sized animation series so that our people can get the most out of it anytime."
#CYBRFIT is a user-centric interactive platform which our staff can get access to, anytime and anywhere, via their desktop or mobile device. It computes a #CYBRFIT rating for each employee and indicate how vigilant they are against cyber-attacks, while our colleagues can boost their rating by demonstrating good cybersecurity practice through gamified “workouts”. “Get-Set-Go”, a live webinar series featuring external and internal subject matter experts, was also arranged to share with our people the latest trends on cybersecurity and instill the best practice to safeguard from frauds. To make cybersecurity training more relevant to our staff, the team also adopted a storytelling approach. By creating two animated characters, bite-size animated video series were developed so that our colleagues can easily comprehend the real-world implications of cyber threats, as well as getting hands-on tips on good security practices.
Thomas continued, “The leadership team is very open-minded indeed. I really have to thank my supervisor for his trust and support and give me chances to try on new approaches. No one can imagine that we use animated cartoon to promote cybersecurity which sounds distant to most of our colleagues. We ride on daily life examples to bring out how and why cybersecurity is relevant to everyone - this is not only about our work-related matters, but also impact our personal lives. We are proud that we have successfully got their attention resulting with higher awareness on cybersecurity."
This Cyber Fitness programme not only received overwhelming positive feedback internally, but also being granted with external market recognition. The programme recently awarded as the “Best Cybersecurity Project” in Triple A Digital Awards 2020 from The Asset, a global multi-media financial publishing and research organisation. “As technology evolves swiftly, we have to keep ourselves updated with the new knowledge. The bank is very supportive to us by providing resources so that we can continue upskilling ourselves. We are encouraged to embrace a growth mindset for continuous learning in both internal and external trainings. The whole Cybersecurity team has taken part in the Certified Ethical Hacker Programme that we have to attend different training modules and get pass in a final 4-hour examination, plus another 6-hour practical examination. Though it’s not an easy one, I am proud to say that the whole team has gone through this successfully. We are all Certified Ethical Hacker (CEH) Master now, and I am fortunate to be listed as one of the Top 10 in the Global Ethnical Hacking Leaderboard. I would like to thank our managers in T&O and senior management for their support and devotion to enable us to be futureproof.” Threats to cybersecurity will continue to evolve in the new normal which will impact all of us. It is important for everyone to maintain good cybersecurity practices. Going forward, the bank will continue the efforts in upskilling our employees as the first line of defence against cyber threats.
At the end of the chat, we asked Thomas to use one word to describe his life in DBS. He replied, “Caring! I am deeply impressed by the bank’s effort in driving people related initiatives and taking care of the employees. For example, the bank is very open to get open and direct feedback from the employees through “My Voice”, the annual employee survey. Our senior management takes our feedback seriously and addresses our concerns and questions one-by-one in the townhall meetings. The bank puts in many resources to seek continuous improvement and provide a joyful work environment for us.”