Uber wants cybersecurity to be 'as instinctive as breathing' for its staff

Uber's security manager Samantha Davison describes how she's trying to make security part of Uber's DNA.
Written by Danny Palmer, Senior Writer
(Image: CNET/CBS Interactive)

Encouraging employees to stick to even the most basic cybersecurity precautions can be a difficult task; often they're willing to take shortcuts in order to make life simpler, all the while not considering how a weak password or sharing files insecurely could lead to a disastrous data breach.

Like any company, Uber needs to ensure that its employees around the world know how to keep themselves safe from a data breach.

The car ride booking company, founded in 2009, immediately looked to secure its cyber defences because "attackers and hackers aren't going to wait for a company to become established before they go after your information, your data and your people," said ‎Samantha Davison, security awareness and education programme manager at Uber, speaking at the recent Infosecurity Europe conference in London.

"With my programme, working with the security team to build a larger security programme, it gives me the opportunity to bake security into our culture. We're really big on mission statements at Uber and the mission statement for my team is to make security as instinctive as breathing for all our employees, so they automatically know what to do," she said.

What helped make the scheme a success, Davison said is that it's had executive support from the board and that has had a trickle-down effect across the company's 6,700 corporate employees.

"It's obvious if executive support security then our regional managers support security. We rolled out our first security event and we had 70 percent voluntary engagement with the programme, which was not mandatory. Then you see the important influence of security."

Prior to working in security, Davison was an anthropologist and said that her study of humans provided her with experience to benefit Uber.

"Uber's in 70 countries around the world now so a one-size-fits-all model is definitely never going to work for us. We started out by going into our cities, doing one-on-one interviews to understand security experiences and how they like to learn, then we built programmes around that," she said.

While millennial employees sometimes get a bad wrap, Davison said that because Uber is dominated by staff in this age range, it's actually provided to be something of a blessing when it comes to addressing the cybersecurity issue

"In engaging the millennial demographic, Uber focuses on a lot of gamification, competition, sorting people into teams to help them drive each other to participate more, then giving them rewards, incentives and recognition for participation in the programme," she said.


Editorial standards