How to Gamify Your DLP Program
Between insider and outsider threats, protecting your data is no easy feat. Gamifying your DLP program on top of putting a complete solution in place will certainly reduce the risk of a data breach and train your employees to spot suspicious activity.
Following an RSAC presentation, we hosted a webinar: "Call of Duty DLP: The Gamification of DLP", where our Senior Vice President of Global Services Mark Stevens discussed why you should implement gamification and the ins and outs of an effective program. You can watch the full webinar here. Check out a sneak preview of the webinar below.
Why do we need gamification? In the cybersecurity space, there’s a major skills gap and employees often lack expertise. That’s where gamification comes in. Gamification has a proven track record of success in changing human behavior and helping people learn.
The great thing about DLP is that once you have a program in place, gamification can easily be integrated by leveraging some core DLP features, including: policies/rules, user prompts, reporting and email alerts.
With data protection policies, you set the ground rules for how your employees interact with sensitive data, such as what information can be sent over email or who has access to certain files. Once those policies are in place, you can set up user prompts or popups that inform users they may be about to violate a company security policy. User prompts are traditionally used in a “hand slap” approach. However with gamification, you should also use them for positive reinforcement by congratulating employees for doing the right thing. Most DLP solutions also have the ability to create custom reports which, like user prompts, typically highlight the bad stuff like at-risk machines and policy violators. With your “game” you want to highlight the good stuff as well so that you can set up a point-and-reward system to incentivize good data security behavior. Lastly, you'll be using email alerts to send your security team notifications of both policy violations as well as highlights of compliant behavior.
Gamification is great for positively reinforcing compliance among your employees. It reduces training time by encouraging your employees to learn as they go and develop good behavior in practice, and it makes cybersecurity more fun with a bit of friendly competition to see who can win the most rewards, whether they be badges or gift cards. To learn more about how you can gamify your DLP program, watch the full webinar on demand.