Learning Through Games and Exercises
Think back to the last engaging work event you had, what was so interesting about it? Did you play games or do team exercises? Games can be a very powerful way to learn. Today, we bring you a game or exercise to use for an in-person cyber awareness module focused on sensitive information. This is particularly helpful to do with people who are in similar job roles—say the entire payroll department.
How to Play
This team game is designed to solidify the idea that some online systems are more valuable than others. That is, valuable to the company and valuable targets for cyber criminals. Rather than read stats from a PowerPoint slide, get employees engaged in security-minded thinking. This game is kind of like the Price is Right’s “Easy as 1 2 3” ranking game.
Step 1. Break everyone into small teams. (If people are from different departments, each team needs to have a rep from each department.) Each team then identifies work-related apps or websites they use. Some results may include the payroll website, the employee portal, employee email, etc.
Step 2. Combine all results onto the white board/projector so that every team has the same list of apps.
Step 3. Each team is provided a list of types of sensitive information and what it is worth on the black market. For example, medical records are worth $10/record. Credit card numbers are worth $1/number. Teams then try to identify the types of sensitive information in each app. Does the app take credit cards? Does it store employee SSNs? Then, teams rank the apps in order of most valuable to least valuable.
Step 4. Teams present their findings and argue for why they ranked apps a certain way. Optionally, the winning team receives a prize.
At the end of the game, use the results to start a discussion about what employees can do to be vigilant about protecting the most valuable apps. How might a cyber criminal try to get them to reveal their login for that app? Should they be wary of phishing emails/messages that impersonate that app? Should they double-check the URL before logging in to that app?
Learning through games provides a chance for employees to engage with cyber awareness in a new way, as well as an opportunity to build a stronger relationship with their team.