Do you want to play a game? – how to create non threatening cybersecurity games.

“Do you want to play a game?”    A line from WAR GAMES, a movie in the 1980’s about hacking a defence department super computer.   The computer mentioned could play a number of games including chess and tic-tac-toe.   Computer games have come a long way since then.

Today there are games for everything.

Non computer games have been used for decades.   Training games and role playing games have been used successfully in business for the last 60 years.   They are normally used to train sales and marketing staff in how to sell and how to sell well.    The smart phone and tablets have made it possible through games and applications to be used by anyone for practically anything.

Isn’t it about time we applied some of that know how to the business world when it comes to business security?

How can we apply games to cybersecurity to increase awareness?   I have looked on the interweb and have not found anything that relates to the following ideas.   The games do not have to be technologically based.   They can be simple or complicated.

– easy enough to create, the hardest part would be coming up with the required questions.   A magnetic playing board attached to a wall, either individual or in groups or departments.   Answer the question correctly move on, answer the specific question and get a piece of pie.

Flash cards with rewards – can be done through the local intranet, or something as simple as a Perspex stand at the front desk, rotated daily with anecdotes and jokes to liven it up.

Daily email / messages with a security focus building to a monthly prize.   This is one that would have the biggest impact on a business.   Start off with a daily email at a specific time to all staff, the first correct answer gets a $15.00 gift card.   With Google most answers can be found even for people who have no technological or security bent.

You have got their attention.   Increase this to a monthly prize, a little more substantial, like a weekend away, that can only be won with the most correct answers over the month.   Technology can be used for this.   Announce the winner at your monthly meetings, make it memorable and if necessary you can also combine the prize with other business requirements.

What you are doing is increasing awareness, security awareness, business awareness.   Combine it with OH&S and other business components that can be questioned and you will have very aware staff.  You are making small inexpensive changes to your staff attitude that will reap significant benefits in keeping your business more secure and more resilient.  Increase the focus and make it a broader set of questions.   This will strengthen your business culture, most people will be available no matter where they are, for that chance to win the daily and monthly prize.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.

Leave a Reply