Protecting our people and products and the data we are trusted with.
- Greif’s oversight of physical security, cybersecurity and product security is key to protecting our people, products, assets and customer data.
- Our ability to improve our internal technology and technology-enabled communications with customers requires effective security measures to demonstrate our reliability and bolster customer satisfaction.
- Greif received no substantiated complaints concerning breaches of customer privacy and identified no leaks, thefts or losses of customer data in 2022.
Why Security Matters
Greif prioritizes physical security, cybersecurity and product security, which is critical to protecting our assets. Physical security includes safeguarding our facilities, ensuring the safety of our colleagues and maintaining a safe environment for our manufacturing assets. Cybersecurity defends Greif’s and our customers’ information resources – systems, networks, applications and programs – from digital attacks. Product security safeguards our customers’ products throughout the supply chain, including shipping and transport. Improvements in internal technology and technology-enabled customer communication enable us to enhance our reliability and bolster customer satisfaction. Greif will continue to build on best practices to improve our ability to protect internal and external information.
Should Greif fall victim to a cybersecurity breach, we maintain a Cyber Incident and Response Plan and an IT Services Global Business Continuity Plan, which outlines our steps to respond to and mitigate the impact of an incident quickly. Greif’s ethics hotline is available for suspect data breaches for all colleagues, and an automatic phishing report option is available to all colleagues with email access. We work with industry and regional associations and consortiums to support knowledge sharing of incident response, business continuity and cybersecurity best practices.
Training is a vital part of Greif’s cybersecurity program. Cybersecurity and awareness training helps improve our colleagues’ ability to identify and respond to potential threats and minimize risk in both digital and physical spaces. We train colleagues on phishing attacks, cybersecurity hygiene and general internet safety, among other topics. After completing the training, all colleagues must conduct a quarterly checkup, ensuring knowledge is retained and practiced. This training is compulsory for all colleagues with computer access, including our Executive Leadership Team. Our colleagues also receive quarterly newsletters promoting cybersecurity awareness, weekly security tips on topics ranging from password security to avoiding phishing scams and connections to external security speakers through Greif University. They also participate in our annual Cybersecurity Month awareness campaign each October. Greif works with a third-party partner to implement these training initiatives, and Greif’s overall phishing-prone score is 11 percent better than our industry’s average for large-scale manufacturers.
Each month, members from Cybersecurity, Human Resources and the Legal Department meet to discuss compliance with current and emerging data security and privacy regulations. We monitor regulatory changes and actions required to ensure compliance. To protect customer data, we follow a need-to-know model to limit the number of people with access to secure information, both internally and externally. Additionally, to ensure sound management of confidential data, we obtain consent through agreements and contractual clauses and comply with all relevant regulations. We implement software solutions to protect and encrypt our endpoints to limit our exposure to potential data breaches, and we continue to educate colleagues on our Records Management and Retention and Data Privacy policies. To further comply with GDPR, we have conducted GDPR training for our colleagues in Europe, the Middle East and Africa. Additionally, we routinely and securely destroy hardware and hard copies with confidential information with verified service providers.
We install tag readers and PIN code locks to safeguard physical access at our facilities, and a bill of lading is required for each shipment picked up from our facilities. Additionally, tamper-resistant enclosures are used throughout the supply chain to give customers confidence that their products are protected and secure.
Goals, Progress & Performance
Greif regularly reviews its security strategy and roadmap and assesses progress through third-party partnerships. In 2023, we will update our multi-year roadmap through a cybersecurity maturity assessment with an external partner.
The use of single sign-on (SSO) and multi-factor authentication (MFA) is key to protecting Greif’s high-risk applications. We have implemented next-gen antivirus solutions with endpoint detection and response services and expanded our automated detection and prevention processes in 2022. Greif will continue to assess its security maturity regularly, ensuring we apply and integrate best practices throughout all levels of the organization.
Greif received no substantiated complaints concerning breaches of customer privacy and identified no leaks, thefts or losses of customer data in 2022.