WORK | training
Be aware, play your part
Security Awareness Campaign | As the ingenuity of cyber criminals and industrial spies increases,
the EPO is putting in place the training that will help to ensure all staff are equipped with the skills they
need to protect and secure confidential data.
Workplace security has changed beyond
recognition in the past 25 years, not least
in the way that we handle confidential in-
formation and other sensitive data. The
EPO is at the heart of this transformation,
with strong bonds of trust with clients
who depend on us to protect patent infor-
mation as well as validate it.
The risk of cyber attacks and cyber espio-
nage is rising. According to the European
Union website, one in five European com-
panies has suffered at least one attempt
to steal its trade secrets in the last ten
years. And that number is growing, with
25% of companies reporting theft of infor-
mation in 2013, up from 18% in 2012.
THE HUMAN FACTOR
Technology plays a key role in protecting
confidential information. After all, hackers
breaking into computer networks are the
40 gazette July 2014
FEEDBACK FROM PARTICIPANTS
“I liked the clear way the information and courses were communicated. Naturally, it is
important to return to this subject over and over again, because we are dealing with
sensitive and valuable information. And staff should not take the subject lightly.”
“BRAVO to everyone who developed this course. The modules give a good overview,
emphasising the importance of staff’s own responsibility in security matters. Great
idea to allow the printing of a certificate.”
“It was fun doing the exercises. It is important to stress people’s own responsibility.
I would also suggest thinking about possible follow-up sessions and/or tests. To change
people’s behaviour, repetition is key.”
stuff of headlines – and blockbuster mov- phishing is done by sending emails,
ies. In reality, one of the greatest threats is voice-phishing involves calling the victims
human behaviour. If an industrial criminal and relies on their willingness to help the
is able to gain someone’s trust, he or she person at the other end of the line. If the
can obtain virtually any information about caller has a plausible story, the victim may
a company, without technical hacking well not suspect that an attack is under-
tools. In short, it’s much easier to trick way. Attackers psychologically manipulate
someone into handing over a password people and convince them to perform ac-
than to expend the effort needed to crack tions aimed at gaining access to confiden-
the system. tial information.
One of the techniques most widely used The EPO is well-equipped to resist such at-
by criminals is “social engineering”, includ- tacks. Confidentiality and trust are two of
ing  voice-phishing. Whereas “normal” the most powerful watchwords in our or-
ganisation’s culture. What’s more, the
EPO’s information systems have been de-
signed and built from the ground
up to protect patent and
other confidential infor-
mation entrusted to us.
To mitigate the risks we face, the EPO or-
ganised a lecture on “Social engineering
and physical security” on 2 July. The audi-
ence was invited to learn which tech-
niques and tactics are used by criminals to
infiltrate organisations like the EPO.

TIMELINE ACTIVITIES SECURITY AWARENESS CAMPAIGN 2014
24.09
Launch course II:
Physical Security
SECURITY AWARENESS CAMPAIGN
The EPO is running a course to ensure that
everyone is equipped with the latest
knowledge on how to access, share and
protect information on mobile devices
correctly.
This first e-learning course was launched in
June by VP4, Željko Topić. Two more mod-
ules will follow by the end of 2014. All three
are mandatory for all staff. Although each
course only takes 15 minutes, they cover the
full range of security techniques, from
physical security to theft prevention, part-
time home working and travel security.
They are based on interactive learning and
include a test to check that all the import-
ant points have been learned. By printing
out a certificate you can prove that you
have successfully completed the learning
unit. Completion of all three courses will be
checked at the end of the reporting year.
Željko Topić says, “This basic online train-
ing course primarily aims at reminding
each of us of our responsibility when
dealing with sensitive information. Staff
will gain awareness, confidentiality and
security habits surrounding the use and
disclosure of data.”
Manuel Meijas Torres, Head of Security at
The Hague, and David Gasper, his counter-
part in Munich, stress the good news,
which is that the most effective measures
are also the simplest. Manuel Meijas says,
“Don’t leave your office without locking
your computer and checking for docu-
ments left lying on the desk. Next to en-
forcing your own ‘clear desk’ policy, re-
questing a key for your office from the
ServiceLine can also help minimise risks.”
training | WORK
15.09 17.11 26.11
Start weekly series of Launch course III: Lunchtime lecture III about
IM security tips on the intranet Theft Theft (and Social Engineering)
TH Auditorium with
Lunchtime lecture II
live transmission to all sites
about Physical Security
TH Auditorium with
live transmission to all sites
CALL THE SECURITY HOTLINE 2222 KEEPING MOBILE, STAYING SAFE
David Gasper adds, “Contact the 2222 The sessions also showed how staff can
emergency line if you’re concerned that keep information confidential when carry-
security may have been compromised.” He ing smart devices, whether phones or tab-
also encourages employees to spread the lets. Even though the EPO provides the de-
word. “Remind colleagues to be vigilant, vice, it’s important to minimise the risk of a
and keep encouraging good habits, espe- security breach. And this risk increases when
cially as time passes after people have tak- people are working away from the Office,
en the course.” possibly in public Wi-Fi zones for example.
The online courses are also supported by To sum up, the technology that protects
a series of lunchtime security lectures, the EPO from criminal activity is only as
articles in the gazette and news on the good as the people who work here. By
intranet. The first lecture of the 2014 series learning good habits and new skills, indi-
on cyber-crime and hacking was given on viduals and teams can remain vigilant, and
2 July and a recording is available in the safe from even the most ingenious scams.
Media Centre. Of course, there’s more to this than just
The response from the EPO staff who at- building confidence internally. Best securi-
tended was extremely positive. While many ty practices also build trust with our cli-
were surprised at the ingenuity of the latest ents and partners and help cement the
security scams shown live on stage, they EPO’s reputation as one of the most pro-
were reassured by the training and the skills fessional and trustworthy patent offices
available from the EPO’s IM department. in the world.
For many, it was also an eye-opening expe-
rience – not least the “performance” of a Sabine Lunau, Internal Communication
team of experts who hacked laptops live Peter Springett, freelance author
and in front of the audience.
GET STARTED ON THE
SECURITY E-LEARNING COURSES
The Security Awareness Campaign will run for at least six months
and all staff will have to complete the three e-learning modules and
prove successful participation. A certificate can be printed after
completion of each course. To get started with Course 1 (“Part-time
home working and travelling”) and find out more about how to
handle sensitive data, go to https://talent.internal.epo.org/auth/
saml/login.php.
For additional information, see the intranet:
Work > General Services > Security at EPO.
Contact: securityawareness@epo.org
gazette July 2014 41