Whodunnit?

Recently, the Click and Protect team took part in one of the regular CSP Whodunnit events. These are intended to be entertaining evening events, but also to raise cyber security awareness.

The idea is that the team role-play various characters (some of whom may be suspects) in a cyber-crime. Attendees must collate clues and work out who is guilty of the crime and/or how the crime was committed. They do this by interviewing the characters, and sometimes reviewing various non-technical documents for evidence.

One of the CSP Directors acted as gamesmaster for the most recent event. He built the action around a known case where an employee leaked company data to a competitor. In this case, the crime was relatively straightforward for the employee to commit, due to a failure in a physical security control, and reasonably easy for the ‘detectives’ to solve, though they did need to talk to all the characters to make sure they’d found all the clues.

Without giving away the answer, the aim was to show that information security requires more than just cyber security controls. The attendees and staff all enjoyed the experience; sometimes it’s fun to play someone else, even if you are just hamming it up.

So?

As cyber security awareness month begins, think about how to convey the importance of all security controls to your staff. While the cyber controls may seem more glamorous and shiny, the rest of the controls are also important. This includes physical security (as in this particular event), of course, but also people and processes. Are your policies useful and appropriate? Do your processes support security, without getting in the way?

If you can make cyber security awareness training fun and interactive, your attendees are much more likely to remember the key message. Of course, you can always contact us to talk about our Whodunnit options if you’d like to play detective too. And we believe our blog posts are useful in explaining the what and why of cyber security, so do feel free to share links with your colleagues, or encourage them to sign up for our newsletter.