Cyber Security Factsheet

Vodafone Group Plc Cyber Security Factsheet 2023

Governance continued

Our people

Although the cyber team leads on detect, respond and recover, preventative and protective controls are embedded across all our technology and throughout the entire business. Every employee has responsibility for cyber security and must follow the Vodafone Cyber Code, be sensitive to threats and report suspicious activity.

Embedded in our Code of Conduct, the Cyber Code is the cornerstone of how we expect all employees to behave when it comes to best practice in cyber security. It consists of seven areas where employees need to follow security good practice.

Read more about Vodafone’s Cyber Code in our Code of Conduct: vodafone.com/code-of-conduct

Training and awareness programme

Our cyber security awareness programme is delivered digitally via our internal social media platform, videos and webinars. In addition, we perform regular phishing simulations across all markets and functions to raise awareness and train employees, with a target to run two exercises in each market or function per year. We have recently upgraded our capability to run multi-market simulations and, in the most recent exercise, sent almost 90,000 emails to employees in nine European markets and a number of Group functions. Using a standardised phishing test allows us to compare responses consistently. Those who click on the link in the phishing message receive immediate training.

Cyber security is included within our Doing What’s Right training programme, and our latest module was translated for non-English-speaking markets during the year, having been launched in English last year. We are also about to launch a training manual for contractors. Training on our Code of Conduct and cyber security is included in our standard induction process for new employees, and we expect every employee to complete annual learning interventions when assigned.

We have recently performed another round of incident simulations for our local market Executive Committees. Up to the end of FY23, we had completed simulations in Germany and the UK, and the remaining markets will be planned for FY24. The simulations provide CEOs and their teams with a realistic and tailored experience of managing a cyber incident and exercising their responsibilities in accordance with our common approach.

Our Cyber Code

In 2019, we launched the Vodafone Cyber Code (see page 55), which has been designed to simplify and explain the basic security controls to all employees. Embedded in our Code of Conduct, the Cyber Code is the cornerstone of how we expect all employees to behave when it comes to best practice in cyber security.

ALWAYS use multi-factor authentication for remote systems that hold sensitive information.

NEVER allow unsupported end of life systems in Vodafone infrastructure, or release unsecured products or services.

ALWAYS apply the latest security patches, close critical and high vulnerabilities and configure systems securely.

NEVER click on links or download without knowing who it is from. Report suspicious behaviour.

ALWAYS remove access when staff change roles or leave Vodafone. Secure privileged access and only use it for privileged tasks.

NEVER share or reuse your passwords. Longer is stronger.

ALWAYS classify, label and protect information you work with.
