While Mr. Murphy has become an icon in our annual Web-Based Security Training, Stefan Gentsch, Cybersecurity Consultant with Siemens Advanta, noticed the ability for online training to affect habits in our day-to-day work has its limits.
Making Cybersecurity More Fun
That led him to think about helping his coworkers further raise their security awareness in a fun setting. “People have become numb to endless emails and being reminded of rules”, says Stefan. The result? He decided to run a Cybersecurity Challenge, in which his team members could put their security awareness up for test in a playful manner.
Everyone started with a balance of 100 points. Over the next three months, employees could win additional points for demonstrating good security habits such locking their Windows screen when leaving their desk. At the same time, points were lost through insecure practices such as sharing confidential information in unencrypted emails. In the end, the top three scorers would each win $100 gift certificates.
Within days of starting the challenge, people increasingly came to Stefan with security questions, such as whether a suspicious-looking email was malicious. In the second month, things became competitive at the top of the scoreboard, with colleagues finding creative ways of earning extra points. One team member explored mechanisms to auto-lock his laptop when leaving his desk, and another gave a talk demonstrating KeePass, a utility to safely store passwords.
How did the team perceive the challenge? “The human factor in cyber security is really mission-critical. It is a team effort and the challenge helped all of us to become less vulnerable“, says Tobias Taut, Senior Innovation Manager. “The security challenge is one important step towards identifying risks early on, which is one of the biggest challenges in corporate security”, says Sanjay Mishra, Cloud and IoT Architect.
Even after the challenge ended, Stefan still notices a lasting higher awareness in the team. “People have come to realize that security is everyone’s responsibility and simple habits can go a long way”, he says. “And people learned that security is not about distrusting your close coworkers, but rather developing good habits, and keeping a healthy sense of skepticism”.