October 17, 2024

3 Ways Cengage Group Practices Cyber Safety

Last quarter, we encountered 8.2 billion cyber-attacks. However, thanks to the unwavering dedication of our Privacy and Cybersecurity teams, every one of these attacks was prevented or mitigated.

Eric Galis, Cengage Group Chief Information Security Officer, emphasized the profound impact that attacks can have on organizations, as evidenced by numerous news headlines. He stressed the continuous need to enhance the skills of the workforce to stay ahead of emerging cyber threats and effectively mitigate risk. Cengage Group performs risk assessments, then employs leading security partners, active monitoring of security events and regular testing to stay one step ahead of the attackers.

To recognize Cybersecurity Awareness Month, we spoke with Brett B., Matt G. and Desarie G. about how they contribute to safeguarding Cengage Group. Continue reading to learn how personal information protection, privacy principles and data security are involved in their day-to-day roles.


Safeguarding Personal Information

Brett, Marketing Operations Coordinator, joined Cengage Group in 2023. In his role, he interacts with personal information stored in various marketing applications. Brett also assists in processing deletion requests to ensure compliance with all privacy regulations. This helps guarantee that Cengage Group does not retain personal information without consent. Additionally, Brett manages user access to technologies, customizing permissions to limit access to potentially personally identifiable information.

When collecting and sharing personal information, Brett and his team consider:

  • The information source – They evaluate the data's origin and ensure explicit consent for collection and use.
  • The purpose of collection – They determine a specific purpose, whether functional, targeting or promotional. Collecting information without a business need exposes Cengage Group to risks, particularly when vendors store the data.
  • Access controls – They implement user controls, such as Okta authorization and in-app provisioning, based on user roles and needs.
  • Privacy violations – They ensure proper consent is obtained and data is not retained longer than necessary.

Brett collaborates closely with the Cybersecurity and Legal teams to vet vendors and address potential security concerns. It is crucial to work only with reviewed and trusted vendors to minimize risk. He shared that unusual data transfers, unexplained system crashes, suspicious or unfamiliar activity, reports from customers and increased phishing attacks are just a few of the red flags he looks for.

Protecting personal information is not just important for organizations, but individuals as well. Brett advises using unique passwords and updating them frequently, using two-factor authentication where possible, regularly updating software, using a VPN on public wi-fi and being cautious about what you share on social media to keep yourself safe.

 

Embracing Privacy Principles

Matt, Director of Architecture, has been with Cengage Group for nine years. He emphasized that privacy principles are foundational in the design and deployment of systems and solutions throughout the organization. Privacy-by-Design plays a crucial role in building secure solutions that prioritize the privacy and data protection of instructors and learners.

To uphold these principles, Matt and his team have implemented various measures:

  • Intake Questionnaires facilitate early engagement with the Security and Privacy organizations, ensuring that privacy concerns are identified and addressed from the outset.
  • Design Reviews scrutinize the architecture to ensure privacy principles are integrated at every layer of the design.
  • Limit Data Sharing with third-party vendors, ensuring that nothing is shared without the right controls and contractual requirements in place.

While Matt and his team strive to protect privacy throughout the development lifecycle, Privacy-by-Design is a collective responsibility. Matt encourages all teams to consider privacy implications whenever Personal Information is involved. A proactive approach, similar to "See Something, Say Something," aids in early identification and mitigation of privacy risks. The Cengage Group Enterprise Architecture (EA) team, alongside the Security and Privacy teams, is always available to provide guidance and support to employees. Consistent application of privacy principles across all projects is crucial.

One of the primary challenges Matt faces is the difficulty of retroactively incorporating privacy considerations if they are not addressed early in the design phase. This is especially true for complex requirements, such as customer deletion requests, that impact multiple systems and demand a coordinated effort and robust data management practices.

While Privacy-by-Design may require upfront investment, the long-term benefits, such as protecting user privacy and maintaining Cengage Group's reputation, far outweigh the initial costs. By embedding privacy principles into the core of development processes, risks are mitigated, and compliance is ensured, fostering a culture that values and safeguards user data.

 

Strengthening Data Security

Desarie joined our team within the past year, and her main responsibility is the protection of personal information. To achieve this, the Privacy and Security teams must work closely together. Desarie explained that the Privacy team's role is to understand the privacy laws relevant to Cengage Group and summarize the requirements for the business from a legal standpoint. The Privacy team then works with the Security team to implement these requirements and establish controls.

To support the work of the Privacy and Security teams, Desarie encourages early and frequent engagement with them. Whether it involves developing a new product or improving a process, involving the Privacy and Security teams in initial discussions helps determine the necessary controls or safeguards that need to be implemented. This ensures that Cengage Group fosters a proactive rather than reactive culture regarding security and privacy matters. Desarie shared that being prepared with the right controls in place ensures that privacy and security remain at the forefront of everything we do.

Desarie has witnessed the devastating impacts of cybercrime and suggests using tools like Experian CreditLock as one simple step to protect your personal information during Cybersecurity Awareness Month.

 

Cybersecurity Training and Education

During Cybersecurity Awareness Month, Cengage Group actively engaged employees in weekly 'Cyber Smart Challenges' to enhance their knowledge of security and privacy. The quizzes covered topics such as password protection, handling personal information, virtual private networks and the impact of cyberattacks. These activities served as a valuable primer leading up to the company-wide Cyber, Privacy and Intellectual Property training scheduled for November.

Looking to sharpen your skills? Infosec, our cybersecurity training and education brand, developed free cybersecurity awareness training resources to help reinforce best practices. This comprehensive toolkit offers a wide range of resources, including training modules, assessments, posters, infographics, PowerPoint presentations, newsletters, and detailed communication templates. By utilizing this toolkit, companies can elevate their approach to cybersecurity and equip their employees with the necessary tools to navigate the online landscape safely. It's a valuable resource that can make a significant difference in enhancing cybersecurity practices.

Eric emphasized that the responsibility of protecting organizations extends beyond the cybersecurity and technology teams; it involves everyone. He highlighted that many high-profile incidents stem from attacks targeting individuals. Therefore, it is crucial to maintain vigilance, prioritize safety and continually enhance our cybersecurity knowledge.

 

Learn more:

To learn more about cybersecurity awareness, education and training, visit the Infosec website. And to hear from more of our employees about the importance of staying cyber safe, check out Strengthening Cybersecurity: Insights from Keatron Evans and 5 Tips to Increase Your Cybersecurity Awareness.