Don’t click on that link
9 April 2018
Around 90% of all cybersecurity incidents involve employees making a wrong decision, like clicking on a malicious link. Start-up Digital Trust used insights into human behaviour to come up with a solution.
Cyber threats are one of the biggest challenges humanity will face in the coming decades. Companies often stick to technology to defend themselves. But is this enough when the biggest threat is human behaviour?
One wrong click, and your company’s data is compromised.
That’s why Mark Brown, Digital Trust CEO, and ING’s cybersecurity expert Sander de Bruijn teamed up in the Wholesale Banking accelerator to start Wyse, a new cybersecurity initiative that helps employees make better decisions online. The game-based platform, built by cybersecurity experts on insights from behavioural science, will be implemented by Digital Trust’s first client in April and by ING Wholesale Banking later this year.
Better safe than sorry
“We as employees bring risk with us in the organisation through mobile phones, laptops, or by logging in on a Wi-Fi network to pick up that quick email. ‘Small’ things like out-of-date software, weak passwords and unlocked screens make us easy targets for cybercrime,” explained Sander.
“But the biggest problem is that people don’t even understand the risk.”
A simple mistake can give attackers a foothold in the organisation, from where they search for valuable information. So you might want to start working on those bad habits, like clicking on ‘remind me later’ every time you see a notification about updating your computer’s software, or leaving your computer unlocked when you go for a ‘quick chat’ with a colleague at the coffee machine.
Game it till you learn it
“What you want, as an employer, is for staff to change behaviour,” said Mark.
“But knowledge alone doesn’t work. Employees often get an information dump during their onboarding session, only to forget it a day later.”
The game-based model is an alternative to one-off training sessions: it is integrated into employees’ day-to-day digital behaviour through a series of interactive episodes consisting of quizzes, tips and real-world challenges that users can play around with.
For example, if you pick a weak password, you’ll get a notification explaining how easily a hacker would break into your account. Wyse uses the same trick to remind users to update their software and lock their computers when going for lunch, and to help them avoid one of hackers’ favourite methods, ‘phishing’ scams – emails or links with information that convinces users to install malicious software or hand over personal data.
“More people fall for phishing emails than you’d think. We help employees stay alert by training them to detect phishing scams. For example, we send out fake phishing emails on a regular basis and give users a solution right away when they fall for the attack,” explained Sander.
It was about time we said goodbye to tedious e-learning programmes.