By now, businesses should be more aware of the financial impact that various forms of cybercrime and data breaches can have on them through downtime, remediation and lost productivity. In many cases this damage is far less costly than reputational damage for the company. Ensuring your business is protected from cyber breaches through carefully constructed, security-oriented software and hardware systems is a key aspect of securing your business systems. However, many companies fail to mitigate the security vulnerabilities associated with the actions of their employees. Research by SolarWinds in 2015-2016 points to 23% of UK organizations experiencing misuse of their company systems by their staff; typically, staff who are unaware that their actions can negatively impact their organization’s ICT security. Phishing and social engineering remain the method of choice for cyber criminals who target employees as an entry point for their attacks. Therefore, employees and their training also need to be considered alongside robust systems as first lines of defence against such breaches.
With the correct training, your employees will be better armed to prevent a cyber-attack and limit exposure to resulting downtime, loss of productivity and risk of reputational damage. This training is oriented toward helping staff spot suspicious links in emails, create and maintain strong passwords, and avoid leaking sensitive data. Helping employees understand the value and privilege of the data they handle on a daily basis and how to identify potential threats goes a long way toward strengthening a business’s overall security profile.
Creating a culture of cyber security awareness amongst your employees can be difficult, but should be an integral part of your security strategy. It’s wise to invest in high-quality, up-to-date training that employees will remember, act on and repeat. While most organizations offer some level of training, education methods have not kept pace with technology, and classroom-based training alone is no longer enough to meet the everyday demands placed on modern cyber security processes. Rashmi Knowles, chief security architect at RSA, has said of these training methods, “they provide no real metrics to monitor employee behavior post training, and attendance of a class does not show that the employee understands the implications of their actions.” One company, Living Security, is revolutionizing the cybersecurity training space with their immersive, gamified learning experiences.
What is gamification, and why include it in employee training?
Gamification is a trend referring to the application of game design theory and the psychology behind it in non-entertainment contexts to improve engagement and promote behavior change and information retention. Still a relatively new concept to the business world, gamified experiences have the potential to generate impressive outcomes for businesses, both internally and externally.
By integrating well-executed, scientifically-backed game design techniques including incentivized participation, positive reinforcement and intellectual challenge, Living Security has created a series of role-specific training modules that provide a safe environment for employees to learn about security and test their understanding of best practice management. Their modules also provide the ability to measure your human risk in real time, and the ability to benchmark against others in your industry.
Aliva has developed a range of Cyber Aware Security Services aimed at helping organisations protect their data and systems from cyber threats, and we see education playing a critical role in equipping humans to support these physical technical layers. We welcome the opportunity to help your organisation determine if your current systems meet industry best practice guidelines and are aligned with the Australian Security Directorate’s “Essential Eight”.
By Catherine Booth – Aliva Sales