What a Popular Board Game Can Teach Us About Cyber Breaches
By Sue Thomas, Marketing Manager
My eight-year-old granddaughter LOVES playing Clue, so we’ve been playing a lot lately. During our recent ShopTalk at Republic Bank of Arizona, I began to notice a lot of similarities between the game of Clue and our topic: Cybersecurity.
It was personnel manager Mrs. White, clicking an email link, in her office
Our cyber security expert, Brian Blakely of Cosant Cyber Security, didn’t relay a lot of stats, but one of the few he mentioned sort of blew me away: 90% of security breaches enter via email. And I thought the general population had become pretty savvy when it came to the dos and don’ts of email. Not so, says Brian.
It was project supervisor Mr. Green, with the jump drive, in his computer
Another big no-no: innocently inserting a found jump drive into your work computer, maybe just to return it to its rightful owner.
What Mrs. White and Mr. Green need are guidelines to prevent the cyber criminals from getting access to company data.
The Ultimate Game Changer
Brian believes that, more than anything else, your first line of defense against business data getting into the wrong hands is to build a culture of security from within. He offers these steps on how to do that:
1. Develop role-based security policies. Don’t start with products, start with people and their habits. Incorporate a strict password policy that may include two-factor authentication (username and password) or biometric authentication (fingerprint).
2. Brainstorm. Get key individuals in a room and outline your data flow. You’ll uncover security risks you didn’t know were being used, such as shadow cloud data and more.
3. Consider the company’s tolerance for risk. Start small and tailor your policies to your individual organization. Build your policies by answering these questions:
   - What is our most important data?
   - How is it at risk?
   - Are we prepared to respond?
   - When this happens, what do we need to do?
   - How does our data flow, and what IT assets drive it?
4. Provide awareness training. According to Brian, the return on investment in this area is phenomenal. Providing awareness training and conducting phishing tests will provide the biggest bang for your buck. Incorporate this into your employee orientation and onboarding process.
5. Incentivize and reward. Keep security awareness top of mind with employees by rewarding them for following the policies.
Don’t leave your employees clueless when it comes to data security. Create a culture of security by clearly defining and communicating IT security policies, and then rewarding them for following those policies.