Change Behavior, Change Company Cyber Security Culture

For an organization to have a strong cyber readiness strategy, employees within must be willing to recognize potentially harmful cyber behaviors and proactively work to change them. But how can you effectively influence employee behavior when it comes to cyber safety? The answer may surprise you…

It comes down to understanding employee’s psychological faculties first. What influences and motivates employees to actually change how they conduct themselves online, using workplace online systems and platforms? What must an employee think, do, and care about in terms of cyber security to alter behavior? What external factors and trainings can be adopted or modified to facilitate behavioral change?

The answer lies in games! Games are fun and engaging because it appeals to certain psychological drivers within us as human beings. These drivers motivate us toward certain activities. By utilizing gamified, immersive, hands-on cyber training, employees are able to improve their cyber awareness and ultimately change day-to-day actions.

Games can help change behavior because they address several psychological factors that inform and influence learning :

  • Games Provide an Immediate Benefit to Individual Learner – Games typically offer a sense of competition by way of leaderboards, scoring, and team-based play alongside incentives that help players understand “what’s in it for me?” when learning new information.
  • Games Offer a Sense of Accomplishment – Everyone wants to feel like they are making progress and working toward something, eventually culminating in some kind of reward (money, material items, praise, etc). Things like digital badges, “trophies,” level progression, and certificates can drive players to complete challenges and take on additional learning
  • Games Promote Feelings of Ownership – Self-paced games that a player can engage with on his/her own time makes them feel like they “own” Ownership innately motivates people to make their objective at hand, better. Self-paced cyber activities where the user is at the helm of their learning experience increases ownership and empowerment. They don’t have their manager lurking over their shoulder waiting for the next activity to be complete. They can do training on their schedule and at their convenience, when they are ‘ready’ to do it and in the right mindset.
  • Accountability – Utilizing games that involve teamwork instill feelings of acceptance, a ‘we’re in this together’ attitude, and a healthy drive of competition. These activities draw people closer together and make concepts relatable and understandable when they learn together. Training feels less ‘lonely’ and isolated.

Our platform, inCyt, is the perfect tool to help you weave cyber security awareness training into the fabric of your organization. By offering easy to digest information portrayed through interactive games, non-technical employees can gain a deeper understanding of how to stay safe online.

inCyt is an evolving training solution where those with limited cyber knowledge learn basic concepts through cyber themed battles. Currently, inCyt teaches password and email security along with general online safety, with future topics ranging from social media to remote work safety practices and more!

Change behavior to change company culture with inCyt. Not only will your employees feel more empowered to make safe choices online, but your organization will be better protected from looming threats.

To learn more about cyber psychology in the context of building a stronger cyber team and employee base, be sure to check out our on-demand webinar, Time to Reboot: The I/O Psychology of Cyber Security. To learn more about inCyt, schedule a demo today!

Top Tax Season Scams and How to Avoid Them

Doing taxes can be stressful enough without worrying that your sensitive information may fall into the wrong hands. With more and more taxpayers doing their taxes online, having awareness of potential threats is the first step in practicing cyber safety this tax season. Here are 4 of the most popular tax scams used by hackers each year to be on the lookout for:

 

  1. Tax Refund Fraud – This scam involves and filing false returns with them. They will typically claim a low income with high deductions and will file electronically. When a taxpayer goes to legitimately file their return, it is rejected by the IRS because someone else already filed under that identity. To prevent this, one can request an Identity protection PIN from the IRS before filing. This is a six-digit pin that must be used on a tax return in addition to an SSN in order to verify the identity of the taxpayer.

 

  1. W-2 Email Phishing Scam – Some hackers choose to go straight to the source for private information: employers. Cyber criminals have been known to trick major companies into turning over copies of W-2 forms for their employees. This is actually a CEO imposter scam, where a criminal pretends to be a top company employee and asks payroll or human resources for sensitive information. This information is then used to file bogus returns or is sold online to other criminals.

 

  1. IRS Phone Scam – Scammers make calls claiming they are with the IRS, acting as though a tax bill is owed that one must pay immediately or be arrested. They use common names to identify themselves and fake IRS badge numbers to appear legitimate, send fake emails to support their verbal phone claims, and they will usually call again claiming to be the police department or the DMV in an attempt to extort additional funds. Yikes! One thing to note: the IRS will NEVER call an individual. They send official notices in the mail, but if the IRS pops up on the caller ID, don’t answer.

 

  1. Canceling Your SSN – Criminals are making calls and threatening to suspend or cancel your Social Security numberuntil overdue taxes are paid. The scam may seem legitimate because the caller has personal information, including the last four digits of your SSN. If someone calls and threatens to cancel or suspend your social security number, hang up immediately. If they call back, don’t answer. Write down the number and then report the call on this site, and send an email with the subject of “IRS Phone Scam” to phishing@irs.gov and include the phone number, as well as any other details that are relevant, in the body of the email.

With more taxes processed online and scammers always thinking one step ahead, it’s important for every employee receiving their W-2s to have cyber awareness training. Understanding the risks that are out there help people to feel more empowered to thwart them when handling personal online transactions.

Combatting Tax Scams with inCyt

Circadence is here to help. Our newest product, inCyt, is a browser-based strategy game that invites players with limited cybersecurity knowledge to compete in cyber-themed battles. inCyt’s progressive, inventive cyber learning program teaches cybersecurity awareness through games and interactivity with colorful characters and friendly competition. Lessons are embedded in the gameplay, so players learn cybersecurity basics as soon as they engage with the program. Players start learning basic cybersecurity topics including email security and best practices for software updates before venturing to understand more nuanced concepts about social media, insider threats, ransomware and more. inCyt will be available in Spring 2020.

Empower your employees with persistent, hands-on cyber training. To learn more visit: https://www.circadence.com/products/inCyt

inCyt: Inside the Human Element of Cyber

Organizations need to take a holistic approach to cyber awareness in order to successfully thwart attacks. Since all companies and employees access online systems in some capacity at work every day across many industries, it’s everyone’s responsibility to be aware of basic cyber risks. But how?

Circadence’s newest product, inCyt is a browser-based strategy game that invites players with limited cybersecurity knowledge to compete in cyber-themed battles. Before we demo inCyt at RSA 2020 , join us for a sneak peak of the product on this webinar to learn how to protect the human element from cyber threats.

Things to do at RSA 2020 

This year’s RSA Conference is sure to be chockfull of exciting innovations, new technology, and swag galore. As much as we love the excitement of being on the expo floor, it’s always a good idea to take time to explore the conference, meet new people, and unwind with a few good colleagues or newfound friendsThis list of networking gatherings and affiliate events will help you make the most out of your RSA experience! 

 

Events through RSA: 

  • 2/25 6:00 pm to 8:00 pmCyBeer Ops Networking Reception – Craft beer tasting event that doubles as a great networking opportunity.
     
  • 2/27 6:00 pm to 9:00 pm: RSAC After Hours – Enjoy food, drinks, and dancing to a live 80’s cover band.
     
  • 2/25 5:00 pm to 7:00 pm: RSAC Women’s Networking Reception – Relaxed networking event celebrating women’s contributions to science and technology.
     
  • 2/24 5:00 pm to 7:00 pm: Welcome Reception – Kick off the conference with drinks and apps while previewing cyber solutions from over 700 exhibitors.
     
  • Multiple dates and times, registration required: RSAC Engagement Zone – Engage, network, and make personal connections with others who share your interests through Braindate, Birds of a Feather, Cooperative Learning roundtables, and more.
     
  • Multiple dates and times: RSAC Sandbox – Show off your cyber skills through hands-on experiences and mingle with peers at this engaging event.
     
  • 2/26 4:30 pm to 6:00 pm: Expo Pub Crawl – Enjoy complimentary beer, wine, and non-alcoholic beverages while visiting sponsor’s booths and learning about their latest innovations to support your business. 

 

Affiliate events: 

  • 2/24 7:00 pm to 10:00 pm: CYBERTACOS at RSAC – Talk over tacos with members of the local cybersecurity and broader IT community.
     
  • 2/24 7:00pm to 10:00 pm: Ignite – With live music, snacks, cocktails, and dancing, this is THE place to be Monday night.
     
  • 2/25 5:00 pm to 9:00 pmOptiv After Party – Thirsty Bear Organic Brewing Company will have great beer on tap while you network the night away. 
  • 2/25 6:00 pm, registration requiredVMware Carbon Black Networking Reception – This exclusive happy hour at the W San Francisco is sure to be the event you need to kick off your RSA experience just right. Register now as space is limited.
     
  • 2/25 6:00 pm to 9:00 pm: Non-Profits on the Loose – Meet and mingle with industry, policy, and government leaders in security and privacy at this soirée.
     
  • 2/26 11:30 am to 1:00 pm: Meet & Greet at RSA Conference 2020  Join the Executive Women’s Forum and meet the most amazing women at the RSA Conference.
     
  • 2/26 5:30 pm to 8:30 pmICMP Networking Social RSA 2020  – Network with members, friends, and guests of the International Consortium of Minority Cybersecurity Professionals.
     
  • 2/26 6:30 pm to 9:30 pmArctic Wolf Happy Hour – Sips and savors at TRES Tequila Lounge and Mexican Kitchen is the perfect mid-week way to unwind.
     

Stay up to date on any additional affiliate events as they get added by checking out this calendar provided by the conference, and be sure to swing by our booth #6480 to see what we’ve been working on and add to your swag collection

To get a sneak peek at our latest cyber training platform, inCyt and be sure to register for our webinar, inCyt: Inside the Human Element of Cyber. We can’t wait to see you at the conference and have some fun! 

inCyt: Bring the Power of Cyber Safety to your Whole Organization 

What is at the core of cyber? Is it computer chips? Monitors? Servers? Cyber wouldn’t be where it is today, or at all, without: humans. Understanding what it takes to keep your organization cyber safe starts and ends with the human element. As the only constant in the world of cyber, professionals need to practice awareness and continued training in order to defend against looming threats. 

Circadence is excited to announce our newest product, inCyt. inCyt is a browser-based strategy game that invites players with limited cybersecurity knowledge to compete in cyber-themed battles. We believe that in order to prevent cyber attacks, cyber security must be woven into the very fabric of company culture. This platform will allow your entire organization, from Roger at the reception desk to Sally in the sales departmenteveryone needs to persistently practice awareness to gain a deeper understanding of cyber safe practices. 

 

Did you know: 

  • 52% of businesses say that employees are their biggest weakness in IT security, with careless actions increasing overall risk. 

 

To address these trends, we will be demo-ing inCyt live at this year’s RSA Conference in San Francisco, where the theme is The Human Element. 

Prior to showing off this exciting platform’s capabilities live, we will be hosting a webinar, inCyt: Inside the Human Element of Cyber, on February 18thRegister today to get a first look at this new technology and see how inCyt can help take your organization’s cyber readiness to the next level through games! 

Living Our Mission Blog Series:Early Aspirations in Technology Become a Reality for Circadence’s Paul Ellis

Early Aspirations in Technology Become Reality for Circadence’s Paul Ellis 

Paul Ellis, Senior Product Manager at Circadence, was always interested in technology, even at a young age. When Paul was 8-years oldhe rode his bike to the closest RadioShack to buy a book written for adults on the topic of electrical engineering no lessAfter saving enough allowance to purchase the book, he dove into it as soon as he got home and that’s where his love for technology really began. 

But perhaps, too, Paul’s passion stemmed from his father, who worked for a company developing computer robots. Their bond over technology contributed to Paul’s interest in the field. In factPaul and his father built their first computer together – an 8Mhz Intel 8088 PC when he was 10 years old. Paul read the entire instruction manual from front to back to learn what he could do with his newly built device. From that day on, he was always creating! He created electronic devices, computers, and even composed music. 

In high school Paul played many different instruments and began his college journey with aspirations to become a sound engineer to satisfy his interest for both technology and music. He quickly realized that his interest in technology outweighed his musical career interest, and that the lifestyle of a sound engineer wasn’t very appealing. 

He changed his major to Business and Marketing and graduated with a Bachelor of Science from California State University San Marcos in 2005. He then continued to Purdue University for an MBA in Technology Commercialization, Marketing and Finance. Throughout his academic journey and in his free time he continued to create and assemble tech devices. He was never afraid of technology; he was drawn to it and always knew there was a way to control it. 

Paul, a techie through and through, followed his cyber heart and became a Senior Product Manager for more than a decade for various leading tech firms. He began to learn about identity risk and how our technological advancements were increasing threats. During his time at a previous employer, LifeLock, he learned about risk prevention, identity theft, how vulnerable consumers are in the real worldand how risk would continue to escalate if companies and individuals weren’t taking precautions to protect themselves and their devices.  

Upon joining Circadence, Paul began to navigate the world of cybersecurityThe company’s cutting-edge ideas and technology designed to protect businesses, government and consumers were appealing to him given what he had observed in previous tech positions. He was interested in the innovative products that provided new ways for cybersecurity beginners and professionals to learn, and he could envision how it would improve the cyber posture of enterprises. 

“I feel like I’m doing something positive for society,” Paul said. He’s been with Circadence for a year now as the Senior Product Manager and continues to be inspired by his team and the revolutionary products Circadence brings to market.  

“There’s a huge threat out there, and a huge lack of skills in the industry, and being a part of the solution is a big part of my intrinsic motivation.”  

Paul enjoys partaking in all the different facets of a product’s lifecycle – how the product supports a need for the consumer or industry, how it is marketed, and how to assess its financial viabilityHe also enjoys talking to customers to learn about their experience with a product first-hand, because at the end of the day, a product’s success is dependent upon customer’s experience with it 

Managing the success of a product is how he gauges the success of his career – what did the product solve, and how did it benefit the customer and the industry? The payoff is seeing the cumulative effect of the entire product,” said Paul. For example, iNovember 2019 he worked long hours along-side his team to prepare for one of our largest partner events – Microsoft Ignite. They developed specific gamified battle rooms in Project Ares to teach user’s about Microsoft’s new security tools and how they can be utilized in realistic cyber scenarios. Attendees could get direct experience using Microsoft’s security tools within Project Ares, which runs on Microsoft Azure 

“Ignite was one of the most meaningful moments in my career and I’m fortunate I had the opportunity to work with my team to pull it off! There was so much teamwork, collaboration and problem solving from planning, developing, to deployment at the event. It’s only in bringing people together, that my work succeeds.”  

Paul not only enjoys doing something that keeps consumers and businesses safer, but he truly respects and values his team at Circadence. There’s a true sense of trust between everyone on his team and he feels fortunate to have this experience in the workplace.  

The need for improved cybersecurity is everywhere,” said Paul. The cyber learning products Circadence provides today will help teach the future cyber workforce and help protect us from the countless risks and threats that are out there. He continues to fulfill his passion for technology by bringing Circadence cyber learning products to marketHe appreciates Circadence products because they actually provide trainees what they need to knowand what they will be doing on a day-to-day basis. It’s not just about reading a white paper or watching a video – gamified platforms like Project Ares provide hands-on experience to master the craft of cybersecurity. 

Photo by Alexandre Debiève on Unsplash

Photo by Marvin Meyer on Unsplash

Living Our Mission Blog Series: Cyber Security + Teaching = the Perfect Match for Developing Cyber Curriculum in Project Ares for Circadence’s Megan Daudelin 

Ever wondered about the people behind Project Ares’ development? How does Circadence identify and develop learning curriculum material to benefit today’s cyber professionals? The crux of the strategy stems from the talents within our own Circadence family and is the driving force behind this “Living our Mission” article. We are sharing the unique talents of Megan Daudelin, Team Lead of Curriculum Development for our flagship gamified learning platform, Project Ares. While one might expect that a cyber background is critical to any tech-focused role in a security company, Megan would argue that having a strong understanding of learning theories, experience teaching cyber subjects, and placing oneself in the customer’s shoes equally weigh in importance to successfully build rich cyber curriculum into our products.  

 Blending Forensics, Hospital Security, and Cyber Education   

Megan has a rich history in the cyber security industrywhich started after she graduated with her bachelor’s degree, and continued as she worked full time while completing her Master’s in Digital Forensics Management from Champlain CollegePrior to Circadence, she served as a Digital Forensic Analyst at ManTech and Information Security Content Analyst at Tenable Network Security. She also worked as a Network Security Analyst at New London Hospital between her stints at ManTech and Tenable, monitoring networks and medical devices in accordance with HIPPA. Those experiences helped her learn the importance of understanding an end-user’s behavior to identify and investigate digital evidence.  

 Her career as a digital forensic analyst revolved around gathering and interpreting data. She recalls a previous job where she was responsible for writing up a narrative around a customer by referencing only the information available in a customer’s device. She would get a sense of the day-to-day digital life the user led to understand who and how that person was using the technology.  

“That’s the part I liked, taking a vast amount of information and drawing the lines through the ‘dust cloud’ of data to figure out the connections between everything and turn the ‘cloud’ into a digestible amount of information.  

 As Megan embraced new skill acquisition on the job, she grew to appreciate how problem-solving played a critical role in managing threats for her employers and their customers. 

It was her passion for identifying the tools and techniques that best helped harden security posture that led her back to the classroom as an Adjunct Professor at her alma mater, Champlain College, to help groom the next generation of cyber professionals. Her professional experience across multiple disciplines in cyber, from digital forensics to network security to ethical hacking and incident response, allows her to teach courses on a variety of cybersecurity disciplines—a job she still does today.  

 Using Teaching to Inform Cyber Learning in Project Ares 

Over the last two years, Megan has taken her love for teaching and applied it directly to the innovation within Project Ares. She is able to see how her students learn best whether through direct, hands-on experiences or learning from peersand she applies those observations within a customer’s experience in the platform. All of this comes with the understanding that she must remember not to get “too deep” into one thought pattern, to maintain the “10,000 foot view” as she puts it, so that she can build cyber learning curriculum that is cross-disciplinary and cross-functional.  

 Megan put her cyber and teaching skills to the ultimate test at the Microsoft Ignite “Into the Breach” cyber defense experience in November 2019. She helped design six custom-built Battle Rooms in Project Ares that were used in a competition-style activity among event registrants.  The battle rooms provided a gamified learning approach to teach cyber professionals about Microsoft Security Tools. Megan used the Project Ares virtual environments to create hands-on, experiential learning activity that focused on problem-solving using Microsoft tools. By adopting the end-user’s perspectiveshe was able to help the players through the maze from the home page of the Project Ares interface down to the data they were looking for to find the answers they needed.  

“It was quite the adventure learning all these new security solutions and organizing them into a cohesive storylineWe weren’t asking independent questions to teach TTPs in a silo. Instead, we were walking the players through a single attack pattern. The narrative was knit together so that they could understanthat the tasks in the Battle Rooms were related to the progressive arc of a full-scope attack and there were different points along the kill chain where the Microsoft tools could help to identify, analyze, and respond.” 

Looking ahead…  

As Megan works hard to build learning curriculum into Project Ares, she can’t help but think about what lies ahead for the cyber security industry.  

 “I hope the prioritization of training and education continues to increase; I hope the prioritization of security as a pillar of someone’s organization continues to get recognition. I think we’re coming out of a phase where organizations felt that they could just ignore the elephant that’s stomping around their data center.  

 I’m hopeful we’re moving into a time that people are becoming more aware of their organization’s digital activity online…. not just in a check-the-box periodic program kind of way, but in the sense that cyber security readiness and training has ongoing funding and cross-function collaborationThe industry is moving toward recognition that this is where priorities lie.”  

It is this kind of forward-thinking mindset in employees that helps Circadence deliver state-of-the-art products and we are incredibly proud to have Megan within the Circadence family!  

Living our Mission Blog Series: Connecting the Dots – Academic Virtual Labs, Microsoft Ignite, and Battle Room Design from Circadence’s Matt Surprenant

After serving in the Coast Guard and learning IT, Matt Surprenant applied his technical abilities to the academic community, building out cyber ranges for students to practice their tradecraft in virtual environments. Managing virtual labs for 250-500 students wasn’t an easy job by any means, but it certainly gave him invaluable insight into how learning occurs to best train today’s cyber enthusiasts (tomorrow’s frontline defenders).   

At Champlain I grew from a student at the Helpdesk, to deploying software in physical labs, to managing virtual labs. After spending a decade at Champlain College, enjoying the collegiate atmosphere working and learning, I transitioned from creating virtual computing environments at Champlain to virtual ranges at Circadence.  

For more than 11 years at Champlain, Matt performed many cyber roles (help desk technician, imaging applications analyst, and academic service administrator) that informed his understanding of opportunities for innovation, and what is needed to train the next generation of cyber professionals. He was able to take that experience and apply it at Circadence for enterprises looking to embrace modern ways to train their own cyber teams and harden security strategies.

Creating Space for Productive Cyber Learning  

For the past three years, Matt has been responsible for constructing Battle Rooms within Project Ares. Battle Rooms are the training simulation environments where users learn the tools, tactics, and procedures of cybersecurity before entering the next “level” of activities in Project Ares called Missions.  Battle Rooms allow users to train and hone their skills before entering a simulated scenario environment with multiple components, narrative backstory, and where deeper application of skill comes into play.  

Currently, Matt manages the logistics for Battle Room development, guiding his team on project priorities week-by-week and acting as a liaison for the Content / Cyber Curriculum Team. Alongside the Curriculum team, he works to determine what the training outcomes are in each of the Battle Rooms. On the technical side of Project Ares, Matt ensures that the automation of environments and the logistics are working correctly. He enjoys developing content that guides a player along a cyber learning pathway, so they learn multiple skills from performing reconnaissance to enumerating networks. The Battle Rooms are particularly fun for him to build out because he sees them as “small spaces that teach specific concepts” and help inform a cyber work role a player might want to learn more about.  

 Since Project Ares’ debut, customers have greatly informed the kinds of Battle Rooms Circadence develops. After all, it is about the customer having the ability to train according to their specific cyber needs, so this strategy works out well for team members like Matt.  

 “I’ve really enjoyed developing the CTF (Capture the Flag) content for our customers. The customer gave us a walkthrough of their expectations, showed us some pre-made content, and shared ideas of how to configure the different pieces of technology. We [the BR team] worked up a functional configuration and validated playthrough based on our understanding of the customer’s expectations. It was incredible to see how successful the team could be playing to each other’s strengths in order to meet a customer’s request. The icing on the cake was that the content was very well received by the customer.” 

Observations from Microsoft Ignite  

Matt was able to lend his cyber expertise at the Microsoft Ignite “Into the Breach” cyber defense experience in November 2019. Five custom-built Battle Rooms in Project Ares were used in a competition-style activity among event registrants. The battle rooms provided a gamified learning approach to teach cyber professionals about Microsoft Security Tools.
 

“I was really excited to see how well the content in the Battle Rooms blended into the background as the purpose of the event was really to introduce registrants to Microsoft Security tools using a gamified environment.”  

Matt noticed registrants were curious to understand how to use these cyber tools in their own profession. The capability for Project Ares to deliver this educational experience to end-users, Matt reflects, was a huge benefit to see how learning unfolded.  

Advice for the Next Generation of Cyber Professionals  

“Trust but verify.” Those are the simple words Matt says he would tell any aspiring young professional interested in entering the field of cybersecurity.  

It seems like a simple statement, but I’ve found many security professionals don’t necessarily practice what they preach. Develop personal habits that help you professionally. A simple one is to constantly validate or fact-find when you’re told something. Ask questions! Does that update process actually work as you think it should? Should that application actually make web requests? Develop an inquisitive nature that will allow you to bolster claims with factual findings. 

For Matt, that inquisitive mindset occurred in high school when he found system administration was an interesting discipline.  

I started a high school club where one day a week we would “re-image” a writing computer lab with images that had games pre-installed and have a “LAN (local area network) party”. Club members (mostly my friends) would get together and play video games on the freshly reconfigured computers for a couple of hours. At the end of the event, we would reset the lab back to a writing lab. Sometimes there were minor hiccups that users (other students) would run into afterward. I enjoyed helping those users fix the issue, but I also enjoyed identifying how we could make it better next time we re-imaged the lab. That’s kind of what information/cybersecurity is for me – identifying weaknesses in configuration, policy, or procedure and making a change to mitigate that weakness. 

It is that kind of curious approach to building cyber learning into our products that helps Circadence deliver state-of-the-art learning tools today.  We are incredibly proud to have Matt as part of the Circadence family!