GC has issued cybersecurity policies and measures based on ISO 27001. We have also raised employee awareness to reinforce the security and stability of our information and cybersecurity management system and to prevent any action in violation of the Cyber-Related Computer Crime Act.

In 2021, GC extended the scope of application for ISO 27001 Information Security Management System Certification to include cloud storage, the internet gateway, and the information system containing personal data relating to the recruitment process for new employees. The three principal elements incorporated into the extended scope of application for ISO 27001 are:

| Priority | Extension of Scope of Application for ISO 27001 Information Security Management System Certification |
|---|---|
| 1 | Cloud Infrastructure as a Service |
| 2 | Cyber Zone / Internet Zone Network |
| 3 | Application Supporting Recruitment Process |

Additionally, GC has made preparations and reduced risks from cybersecurity threats and thefts by establishing and monitoring Key Risk Indicators (KRIs) in all three dimensions: people, business, and technology.

Key Risk Indicator: KRI 2021

| Target Group | Action | Key Risk Indicator (KRI) | Target (%) | 2021 Outcome (%) |
|---|---|---|---|---|
| People | Conduct phishing test | Phishing report rate (Quarterly) | >= 20% | 48.84% |
| People | Conduct phishing test | Employees who passed Phishing Test (Quarterly) | >= 95% | 95.68% |
| Business | Perform vulnerability assessment to improve information system security | Vulnerability Fixed | 100% | 100% |
| Technology | Update and improve protection system against cyber breaches and cyber-attacks to heighten data security | Update Firmware and Signature on Firewall | 100% | 100% |

Furthermore, GC has educated employees on how to use information technology safely, using infographics and e-learning to raise awareness of cybersecurity risks and enabling employees to apply this knowledge in their professional and daily lives.

Educating Employees on the Safe Utilization of Information Technology

Form: Infographics
Communication Detail: Use infographics to convey news and information via e-mail to create employee awareness, and use Microsoft Form to evaluate their knowledge and understanding
Content Sample:
  • Encourage users to change the password for protection against ransomware
  • Safety precautions for linking personal accounts to online applications

Form: E-Learning
Communication Detail: Create an online knowledge center that is accessible to employees with a focus on creating awareness and understanding of fundamental cybersecurity issues as well as comprehensive information on cybersecurity threats
Content Sample:
  • Business E-mail Compromise (BEC)
  • Report Suspicions
  • Defending Against Malware
  • Physical Security and Cybersecurity Linkage
  • Outcome – Average test score on cybersecurity knowledge = 87.6%