Orange boosts the NSSO’s cyber resilience

18.10.2024

How can you ensure that all your employees handle sensitive personal data in a responsible way? The NSSO found the answer at Orange Belgium. “Since the introduction of the Managed Security Awareness Programme, the number of incidents has gone down.” 

Our social security contributions are itemised on our salary slip every month. These contributions ensure that payments such as benefits, pensions and healthcare costs can be made. The National Social Security Office (NSSO) keeps things running smoothly. “Obviously we process large volumes of sensitive personal data,” says Hans Vandebos. As Data Protection Officer (DPO), it’s his job to raise awareness about secure data management. “That’s not an easy task with 1,800 people working here.”

 

Public tender

When the EU’s General Data Protection Regulation came into effect in 2018 and Vandebos became DPO, he intended to publish one article a month on the intranet. “I wanted to keep everyone in the loop on the latest trends in cybercrime and make them aware of the risks,” he says. “But that’s rather like reinventing the wheel. Cybersecurity professionals can do this in significantly greater detail as their knowledge is much more up-to-date.”

Smals, the joint ICT organisation of Belgian public services in social security, then released an invitation to tender. Vandebos: “Orange won the tender with its Managed Security Awareness Programme, an awareness-raising programme that uses the training models of cybersecurity expert Phished.”

 


 

Training sessions and phishing simulations

The programme was rolled out in two phases. “We started with training sessions for employees,” says Vandebos. “Those modules are short, engaging and accessible. Employees frequently tell me how much they learn from them. More than 80% of staff take part in most of the sessions.”

After six months of training sessions, the NSSO activated phase two of the programme: the phishing simulations. “Soon after the activation I received responses from employees who naively clicked on links in simulated phishing emails. They found it very troubling to realise they would have had a problem if the email had been real,” Vandebos says.

He continues: “The programme also continues to evolve. The phishing simulations still need a few technical adjustments because a government institution like the NSSO implements strict network security. Those adjustments are aimed at making the phishing simulations even more effective.”

 

Fewer incidents

The Managed Security Awareness Programme saves him a lot of time. “It’s time I can now spend on other tasks. For instance, all I do for new hires these days is organise an info session where I explain the basic rules on information security within the NSSO. All the rest is included in the training sessions: how to handle social media, what information can be forwarded unsecured, how to recognise phishing attempts, etc.”

Thanks to the programme, Hans Vandebos can be certain that employees learn something new every two weeks and are tested on what they have learned. “If someone consistently makes mistakes, I can focus on that person in order to find a solution. And it’s an effective approach. Since the introduction of the programme, the number of incidents has gone down.”

 

Would you like to enhance your employees’ security awareness? Discover the Managed Security Awareness Programme.
