NWO-I, Institutes Organisation of NWO Search
Menu
Print this page

Start part 2 Awareness campaign: knowledge security and protection of personal data

Basic knowledge is important for each NWO-I employee

Part 2 of the awareness campaign is live. All NWO-I employees have received an invitation to complete two e-learning modules about knowledge security and privacy. NWO-I possesses important knowledge and technology that employees must handle with care. The same applies to personal data: what do you share and with whom? All of this is explained in the modules. NWO-I hopes that everybody will take the time to complete these two new modules - and the previous three about phishing, passwords and handling information.

Knowledge security: NWO-I stores a lot of knowledge and technology

With the awareness campaign, NWO-I wants to realise a positive behavioural change in the area of information security, privacy and knowledge security. In the two new modules, the focus is on knowledge security and privacy. Why is it important to know what knowledge security is? This subject is part of the work of Ella Bosch, policy officer at NWO-I. She explains that the institutes store a lot of data and sensitive technology, which is also of interest to other organisations or countries. Bosch: ‘NWO-I must ensure that this does not end up in the wrong hands. In the e-learning module, we let colleagues decide for themselves which knowledge they should or should not share with others, and how they should act in certain circumstances. With this, we hope to achieve a basic level for the subject.’

Everybody should be alert

Bosch says that colleagues sometime tell her that they do not handle sensitive knowledge during their work. In which case she always answers that knowledge security affects the entire organisation: ‘Once we’re all alert to undesirable situations, this will contribute to greater security for the NWO-I organisation as a whole. One such example is how you deal with visitors at your institute. Do you let them photograph everything with their smartphone? And how would you respond if employees or research partners inform you that they are experiencing pressure from their home country to share knowledge?’ Since September 2023, NWO-I has guidelines in place for business trips, visitors policy, recruitment and selection, and international collaboration. These guidelines can be found on the intranets of the institutes. Bosch also adds that knowledge security is a theme for which NWO-I continuously develops new policy: ‘After all, the geopolitical situation is not static.’

Privacy

The other new module in the awareness campaign discusses the General Data Protection Regulation (GDPR), or more specifically: privacy. Abigail van Moosel is the central privacy officer at NWO-I. She explains that, in line with the GDPR, the organisation has the responsibility to deal carefully with (digital) personal data. GDPR reinforces Van Moosel’s conviction that privacy, above all, means that you must have respect for each other’s identity and dignity. Van Moosel: ‘Everybody should have the opportunity to develop themselves with as few external influences as possible. You need to be able to decide how you present yourself, where your preferences lie and who knows what about you.’

Don’t mail but share

The GDPR prescribes that NWO-I should properly inform its employees about how to deal with personal data carefully to optimally protect privacy and fend off misuse. Van Moosel: ‘It starts with the idea that everybody knows what personal data are. Examples are an IP address or a person’s name, address and domicile. Next, you need to know what you are allowed to do with information about people. Are you, for instance, allowed to share why a colleague is in hospital? No, that’s really not permitted. And can you attach an Excel file with training registrations to an email? “Don’t mail, but share”, is what we say. You should only share personal data via the secure programme designated for this by your institute or the NWO-I office, such as SURFfilesender, ownCloud or SURFdrive. These are the subjects that we cover in the module about the GDPR.’

Check out the leaflet!

The awareness campaign runs until May 2024. Van Moosel emphasises that the campaign and the e-learnings are just a start. After that, attention for information security, knowledge security and privacy must be regularly placed on the agenda again, because – so practice has taught us – the awareness level decreases over time. During the on-boarding of new employees, NWO-I will also pay attention to this so that they immediately know how NWO-I deals with the mentioned themes. Van Moosel refers to the leaflet that was especially developed for the awareness campaign, with eight golden rules that provide tips for handling information securely. ‘Take a look at these first, they provide a nice introduction. I also advise people to go through the modules not just once, but preferably twice. Experience has taught us that this really helps to better retain the information. It only takes 90 minutes to complete all five modules.’

Phishing mail

Were you one of the NWO-I employees who recently received a bogus phishing mail? Then you were part of a sample of employees at the institutes and the office who took part in a phishing simulation. The bogus email was a follow-up to the first phase of the awareness campaign. Phishing starts with a fraudulent email or other communication to entice the victim. The message appears to originate from a reliable sender. If the recipient takes the bait, there follows a request to provide confidential information, often via a false website. If an NWO-I employee subsequently shares this information, this can threaten the information and knowledge security, and also the privacy of colleagues and relations. Sometimes, malicious software (malware) is downloaded to the recipient’s computer as well. This software can damage, spy upon or take hostage our computers and devices.

To click or not to click?

With the phishing simulations, NWO-I wants to increase awareness about such fraudulent mails. NWO-I examines how the organisation responds to the emails and, based on the percentage of clicks, decides whether people respond in a better way. Project leader of the awareness campaign, Bas Beltman, emphasises that NWO-I examines this at the organisation level and compares the scores to national benchmarks scores. Several phishing simulations are planned during the campaign.

Text: Anita van Stel

How does e-learning work and access to modules

NWO-I make use of Wave, a platform with short learning interventions. What does an e-learning module look like? The module contains three explainers that provide details about the subject. This is followed by a quiz with a total of nine questions about the subject. While answering the questions, you can go back to the explainers any time. It takes about 10 to 15 minutes to complete the module. You can stop the module and complete it at another time. It is also possible to complete the module more than once to achieve a better result because you do, after all, want to obtain the maximum score. Your privacy is safeguarded: the results cannot be traced back to you. The modules also contain a separate, interactive skills game which shows pop-ups with links. For this game, you need to figure out whether these links are safe enough to click on. Via this web link you can access the modules.

Text: Anita van Stel

Newsletter Inside NWO-I, December 2023
You can find the archive of the newsletter Inside NWO-I on the NWO-I website.

Confidental Infomation