Card game for better information security
When a company is exposed to digital threats and attacks, there can be major consequences. To increase the understanding of digital threats and risks, researchers at Luleå University of Technology have developed a new tool – a card game.
The card game is aimed primarily at small and medium-sized companies, and its purpose is to help them protect themselves from external attacks. For example, someone may prevent you from accessing your information, or an unauthorized person may change stored data. The threat can be viruses, ID hijacking or blackmail programs.
“What happens during the course of the game is that the players get a kind of aha experience and begin to understand both risks and security thinking,” says Johan Lugnet, Senior Lecturer of Information Systems and project manager for the Cynic project.
Human factor
The game focuses on the individual's role as the weakest link when it comes to security. It is about understanding that technical protection, such as firewalls and virus protection, is not enough if people simultaneously take risks.
“Most people know that we should not click on the link in the email where it says we have inherited several millions. But this type of email is becoming more sophisticated and can look quite accurate; it is becoming increasingly difficult for the recipients to decide what is a threat or an attack,” says Johan Lugnet.
Hidden threats
More and more business owners are exposed to IT crime. Part of the problem lies in the fact that the intrusions are not immediately visible. With burglar alarms, protective glass and locked doors, you can see that a property is protected against burglary. Technical protection, on the other hand, is not as permanent, because crime is constantly changing. Knowledge is required to monitor the systems that are meant to prevent attacks, and when an attack does happen, it is important to take the right countermeasures.
The most common risks for companies are mainly the neglect of their own employees or consultants, neglect or mistakes of a third party, errors in systems or IT processes or targeted external attacks, says Johan Lugnet.
“There is a need for a substantial dose of doubt and more common sense at an individual level. The card game should inspire and arouse interest in information security. Instead of small and medium-sized companies handing over information security to someone else to take care of, the result will hopefully be increased security awareness in everyday work.”
The Cynic project is funded through ERDF INTERREG Nord 2014–2020, which supports cross-border cooperation to strengthen competitiveness and attractiveness in and between northern Sweden, northern Finland, northern Norway and Sápmi. The project is also supported by Region Norrbotten and Lapin Liitto.
Think safety – tips on how to protect yourself from IT attacks
Secure passwords. Use long passwords of at least twelve characters that are alphanumeric, that is, consisting of both letters and numbers. Change the password only when you suspect it has been stolen or when you have forgotten it. Use a password manager; then you do not need to remember your passwords. Alternatively, create an association so you can easily memorize them.
Log out of IT systems when you are done. Use unique passwords for all your systems. Avoid letting your browser remember your passwords.
Assess credibility. Social engineering is a combination of technical knowledge and social manipulation, and the goal is to exploit people's trust for criminal activities. Seemingly credible emails trick you into clicking links, for example. If emails have misspellings and poor grammar, be suspicious. If you are unsure whether something is true, contact the alleged source.
Be up to date. Updating your phone, computer and other platforms and applications is a good prerequisite for reducing the risk of intrusion.