Building a Culture of Cybersecurity at Smart City Networks

Date: 05/09/2024

Category:

At Smart City Networks, our journey toward cybersecurity excellence didn’t start with a master plan—it began with a jolt. In 2018, we received a letter from a government agency that quickly got our attention. our core. One of our field networks was flagged as vulnerable, and the potential consequences were severe. The threat wasn’t just theoretical; it was real. This was our wake-up call.

When we dug deeper, we discovered that nearly all our networks were at risk, primarily due to a less than rigorous patch management process. It was clear that we needed a drastic change, and fast. We implemented a rigorous patching policy, mandating that any critical systems be patched within five business days. No exceptions.

Of course, this wasn’t easy. Our industry is anything but static. Events are constantly happening, and downtime is a luxury we don’t often have. But when it comes to security, excuses just don’t cut it. To drive this point home, our owners, addressed our General Managers in 2019 national meeting, laying down the law with what became known as the “No Blowback” policy. When the Network Operations Center (NOC) says a patch needs to happen, it happens—no questions, no delays.

With the tone set from the top, we established a weekly Change Management Meeting to ensure everyone was on the same page. This meeting became the nerve center for coordinating security updates, with all key players in attendance. It wasn’t just about getting things done; it was about creating a culture where cybersecurity was non-negotiable.

But patching systems was only half the battle. Phishing attacks were another significant threat we needed to tackle. Nationally, these attacks are responsible for a staggering 90% of data breaches, and no one is immune. To address this, we launched a comprehensive training program using the KnowB4 platform, complete with monthly videos, exercises, and simulated phishing attempts.

We knew that training alone wouldn’t cut it; we had to make it part of our culture. That’s when our Controller, Amy Stone, inspired our “Not Today Satan” campaign. It started as a joke—her way of warding off phishing attempts—but it quickly became a rallying cry. We created a Phish reporting button on our email interface, complete with the “Not Today Satan” branding, to make the reporting of suspicious emails easy and, dare we say, fun.

And because we believe in both accountability and celebration, we implemented a reward system. Employees who successfully avoid phishing traps are entered into a quarterly drawing for gift cards and a “Not Today Satan” shirt. On the flip side, repeated offenders go through remedial training—along with their supervisors.

Phishing awareness also became a part of our 5 Star Quality Assurance program, which ties into annual bonuses. This means that everyone, from the ground up, has a stake in our cybersecurity efforts.

Of course, we’ve hit some bumps along the way. Phishing attempts via mobile devices have been a particular challenge, and some of the content in our phishing tests has sparked internal debates. But we’ve tackled these issues head-on, always with the understanding that bad actors won’t hesitate to exploit any weakness, including emotional ones.

At Smart City Networks, we’ve come a long way in embedding cybersecurity into our DNA, but we’re not done yet. Every day is a new challenge, and we’re constantly learning and adapting. Because in the ever-evolving world of cybersecurity, you’re only as safe as your last click. We try to learn more every day and continuously improve our program. The battle never ends.

Scroll to Top