Friday, 3 June 2016

7 reasons to gamify your cybersecurity strategy

Gamification relies on the competitive nature of people to help harden the company’s security.

Game on
Data breaches continue to grow in number, size, severity and cost. With the increase in new security holes, vulnerabilities and attack vectors that need to be fixed, many businesses are turning to gamification to help employees adhere to cybersecurity best practices.

Gamification is the process of engaging people and changing behavior using game mechanics in a non-game context. Essentially, it’s taking what’s fun about games and applying it to situations that maybe aren’t so fun.

By using gamification, organizations are finding new ways to educate employees on the importance of cybersecurity, through gaming elements like one-on-one competitions, rewards programs and more. Mark Stevens, senior vice president of Global Services at Digital Guardian, provided seven reasons to use gamification to address data security.

Reward good cybersecurity behavior
Reward employees when they abide by the rules, which will encourage continued good behavior. With gamification for instance, users could receive printable badges upon sending their first, 10th and 100th email without triggering a policy – leading to continued positive behavior.

Incentivize continued good behavior
Once an employee has an impressive digital badge collection, incentivize them to continue the good behavior, such as with e-store gift cards or company perks. On the contrary, if an employee continues to exhibit poor behavior in gamification, it may raise a red flag within the organization or warrant a need for further cybersecurity training.

Encourage an open data protection dialogue
Through gamification, an organization can establish a new data protection language, which encourages open dialogue among employees when discussing how to properly handle sensitive data. Instead of the topic being boring or rogue, workers are encouraged to talk about their achievements, challenges or lessons learned through the gaming system.

Address the lack of awareness
The most effective cybersecurity training is one that occurs on a regular basis throughout the year. However, a majority of businesses often don’t adhere to this training cycle, due to lack of time and resources. Gamification allows employees to acknowledge the lack of awareness and individual employee accountability sensitive data protection/hygiene, and ultimately change long-term behavior.

Increase employee engagement
Staff should be encouraged to print and display their badges in their workspaces and engage managers to recognize the good behavior by publishing a monthly leaderboard. Through leaderboard competitions and badge collections, end users are instantly engaged in the game – or training – at hand. This increases internal communication and creates new relationships, improving employee engagement across the board.

Find cybersecurity talent
Not enough people are entering the cybersecurity workforce, and most firms are faced with vacancies. Organizations like UK-based Cyber Security Challenge have been trying to tackle the talent gap by hosting yearly competitions where players face simulated threat situations they must prevent using their cyber skills. Winners are then offered lucrative job opportunities at large tech firms and government agencies who sponsor the challenge.

Audit to measure effectiveness
Of course, gamification is only effective if employees apply their lessons learned to real-world scenarios. For this reason, it’s critical that businesses measure the effectiveness of gamification at reducing real data risk. Conduct regular audits and cybersecurity assessments within the organization, to determine which employees would still pose as a risk outside of the gaming environment.

No comments:

Post a Comment