Arbonia’s employees are the driving force and at the same time ambassadors and implementers of Arbonia’s goal, namely to supply its focus markets with energy-efficient, high-quality and durable products for buildings to promote energy-efficient new buildings and renovations for a resource-efficient future. The employees show themselves to be committed, determined, and reliable in their everyday work.
As an internationally active company, Arbonia is aware of its responsibility for respecting human rights and avoiding child labour. In all countries in which it is active, it complies with the United Nations' General Declaration on Human Rights, the UN Convention on overcoming discrimination against women, the UN Convention on the Rights of the Child and additional international humans rights protection standards. In the reporting year, Arbonia also initiated the accession to the UN Global Compact and has committed to supporting the implementation of the ten principles in the sub-areas of human rights, labour standards, environmental protection and fighting corruption. The accession was initiated in 2021 and confirmed in January 2022.
Arbonia can only maintain its IT security together with its employees and thus protect the Group's operating activities and competitiveness against damage: The security awareness programme under the motto "THINK BEFORE YOU Click.Post.Type." helps employees to successfully recognize real threats and potential attacks and react to them correctly – in both their business and private lives.
Increasing networking, digitisation and the Internet are leading to a rapid rise in cyber crime. The threat situation has become even more acute and also more complex. Attacks on the digital infrastructure and on the data of the Group can lead to outages and supply bottlenecks and thus to considerable financial losses. An adequate information protection cannot be achieved by technical measures alone; rather, it depends on the employees' behaviour and handling of data and information systems. Arbonia employees are a central link in the security chain in the area of cybersecurity and must assume corresponding responsibility. The most common attack tool for cyberattacks is e-mail – followed by social engineering (manipulating or influencing a person) and the Internet. For this reason, it is extremely important to recognise, avoid and report suspicious sources. With targeted measures to strengthen so-called cyber resilience, Arbonia tries to reduce the risk of cyber attacks to an absolute minimum. The Group pursues a comprehensive security approach with technical measures, processes, guidelines and standards, the observance and implementation of which is checked on the Group level by the in-house ICT security officer and his team. The goal is to prevent cyber attacks of all types and to increasingly train and sensitise employees about this topic. The comprehensive security approach in the context of the information security strategy is continually checked via audits and penetration tests.
The security awareness campaign under the motto "THINK BEFORE YOU Click.Post.Type." contains various elements. Arbonia took a variety of measures in the course of the campaign, for example, training courses. In this context, employees were invited to participate in various awareness and training units, whereby in-depth training courses were provided specially for IT administrators and other exposed persons. These training courses provide information on the secure handling of data and information systems and aim to make everyday life more secure. At the same time, Arbonia called attention to security issues and threats with various poster subjects. For practical implementation, employees received an anti-phishing button as an Outlook extension that they could use to report a possible threat to the IT department with only a few clicks. To prepare and sensitise employees for an emergency, they also randomly received various phishing e-mails during the reporting year.
On the basis of a high cyber resilience and e-mail security, Arbonia generally strives not to experience any safety-critical events and thus to ensure a smooth course of business. For this purpose, penetration tests or attack simulations are also carried out and the results are used as the basis for continuous improvement. To manage security, for example, the cyber maturity is measured using defined standards. Further improvements and key performance indicators will follow in connection with upcoming projects such as, for example, the development of SIEM incidents (Security Information and Event Management).
