Dorit Richter of the DENIC Team for Information Security attended the cyber security conference in Munich. Here are her most valuable takeaways.
Firewalls, two-factor authentication, password manager – when it comes to IT security, DENIC leaves no option unused to reduce vulnerability. Security awareness is another important element of the wide field of information security and is even laid down in the relevant ISO requirements. As the name suggests, it is about increasing employee awareness of issues related to the security of IT systems. But how can you create acceptance of unpopular measures, which are often perceived merely as a nuisance that interferes with the actual work?
The TAKE AWARE, the largest security awareness conference in the German-speaking countries, presented unconventional solutions to tackle this challenge. Crosswords, quizzes or online action games, for instance, can help employees get a grasp of cyber risks in a playful way. Or you can set up an escape room for your employees: experiencing first-hand what it is like when the screen showing the detailed concept you have just developed with great effort suddenly goes irretrievably dark will cause anybody to reconsider things. And the employees will animatedly pass on their experience to others in the workforce.
Various studies have investigated why people are so reluctant to accept a little extra effort for the sake of safety when there is so much to do. They don't want their flow of thought to be interrupted, they don't want to miss a deadline, or they are simply annoyed at having to take more and more additional steps. Fortunately, there are measures that can be easily integrated into the workflow or even go unnoticed by the user. For example, it is technically possible to prevent malicious attachments or links from reaching mailboxes in the first place.
Large corporations consider security awareness so important today that some of them have even established a separate department. At the conference, they shared their insights and best practices for successful awareness campaigns.
DENIC Security has taken home a lot of interesting ideas from the open exchange under the Chatham House Rule [https://en.wikipedia.org/wiki/Chatham_House_Rule] that characterises the conference – including for its own awareness concept for communicating the particular challenges in the field. The tactics cyber criminals use for their attacks are constantly adapting and advancing at a high pace. Employees must therefore be well trained so that they can recognise malicious action and respond to it with confidence. But training alone is not enough: most essential of all is a positive security culture in the company.
DENIC keeps its eye on the ball and constantly enhances its existing awareness program in line with the latest scientific and research findings – true to our motto "for a responsible internet".