Cyberawareness: time for gamification

 Gamification is changing the way companies raise awareness on cyberrisks. 

Awareness is a hit word nowadays: you are now aware of climate change, gender gap, air pollution, social inequalities, local consumption, fake news, etc. But are you cyberaware? 

People have long believed that they were out of reach of cyberrisks, that they only target large organisations. That is partially true. The organisations remain the primary target, but the ways to reach them has diversified. Nowadays employees are seen as the front door to gain access to any organisations' valuable information. Every member of every organisation should be aware of risky behaviours that could expose them to threats: that is called cyberawareness.

As an employee of an organisation - public administrations, private companies or service providers, you can be a target of cyberattacks. Chances are you have seen several good cybersecurity practices on flashy posters next to the coffee machine or in boring group emails. But in practice: How do you secure your passwords? How do you react to suspicious emails? Do you even lock your PC when you leave your chair? 

The question here is: Did these posters and emails have truly changed your habits? Most of the time this communication is too often risk-based and lacks concrete actions. It doesn't provide keys and solutions to face cyberrisks. Times have changed, and generations have evolved; nowadays people need more than rules, they need to be convinced.

It is now time to move to a solution-based approach to engage people and change behaviours!

One of the solutions to engage people and empower them is to encourage proactive participation through games: Imagine yourself as a hacktivist entering an empty office and willing to find the password of the person with only their personal items. Or put yourself in the position of an attacker writing a phishing email: how would you trap your prey? And what if you find a PC unlocked in a store and get access to thousands of customer accounts? These are only a few examples of games you could be playing.

Today's cyberawareness is based on dedicated moments between all employees of organisations to put good practices into real practice. This is a special moment when people work and play together to face small diverse challenges: escape games, redaction of phishing emails, spying, etc. with the sole objective to take the place of an attacker and understand how small risky behaviours can lead to major threats for organisations.

At Wavestone we have heard these concerns and worked for more than 10 years on new innovative and fun ways to raise cyberawareness in all kind of organisations, from the definition of their awareness strategies to the conception of activities, and the roll-out and steering of them. Among others, we have designed and implemented customised solutions adapted to our client’s context and needs: escape games, board games, 1-day cyberchallenge, quiz via mobile apps, serious games, etc. 

Videos have also been shot by Wavestonians to promote good practices for choosing a strong password or locking a PC session. More are yet to come; so, stay tuned for the #TotalCyberAwakening.

Remember that aware employees are aware citizens. And aware citizens make the world a safer place, rid of cyberrisks.