5 Enterprise compliance considerations, knowing 33% of employees are gaming and participating in sports gambling on their company PC.
Online gaming is now the world's largest entertainment industry, which exposes gamers to an increased risk of cyber-attacks. With many employees working remotely, much of this gaming is done on a company asset, which opens up a new exposure vector for the enterprise.
Accepting the reality that employees will use their work PC for things other than work is the first step toward protecting the organization and being prepared.
Top 5 Gaming-Related Risks
The “human firewall” is the final stretch of your security infrastructure, so understanding the top 5 areas of exposure will help to build compliance programs to reduce risk.
- Malware – Gamers unknowingly download malware bundled with, or disguised as, free coins, cheats, or other ways to gain an advantage in the game.
- Phishing – Phishers sometimes pose as a friend or fellow gamer to build common interest and then encourage the target to click a malicious link or download a file.
- Weak passwords – Employees often reuse the same passwords (and weak ones at that) across their gaming accounts and their professional applications, so a breach of a gaming service can expose corporate credentials.
- Social engineering – Attackers manipulate the gamer into installing software that lets them monitor online activity or launch further attacks.
- Lost productivity – Attention and time are lost when focus drifts away from appropriate work activities.
The Potential Impact on Compliance
Beyond the obvious cyber vulnerability perspective, we should also be aware that in a study of 1,000 full-time workers, 80% reported playing during work hours, and the average lost productivity was 50 minutes per week.
50 min per week x 52 weeks in a year = over 40 hours (one entire work week) of lost productivity per employee per year. That's a lot of time lost!
How Enterprises Can Respond
- Decide as an organization whether you'll allow gaming on corporate assets. Once that decision is made, create your gaming policy and distribute it to all employees.
- Ensure that you are compliant with all of your regulatory requirements, for example ISO 27001.
- Manage your exposure by having a Risk and Compliance solution, such as 6clicks, in place.
- Have an incident response playbook.
- Conduct internal audits and assessments.
- Train employees on things to watch for and how to protect themselves and the network.
- Ensure strong passwords are required.
- Have appropriate technology to protect against malicious activity. Read our blog on how to Navigate Cyber Security Compliance for more information.
A not-so-obvious one: hold vetted “controlled gaming sessions” that create a positive culture and let your employees scratch this itch for 1 hour a week!
Check out this blog from our partners at Thomson Reuters on other ways your organization can maintain compliance despite the extra challenges gaming may pose.
Gaming is not going away.
Creating an outlet and educating your teams on the possible pitfalls will help protect proprietary information while also keeping employees safe from personal attack.
Here at 6clicks, we have a truckload of cyber risk-focused checklists, risks, controls, assessments and playbooks inside our ever-growing Content Library.
Written by Heather Buker
Heather has been a technical SME in the cybersecurity field her entire career, from developing cybersecurity software to consulting, service delivery, architecting, and product management across most industry verticals. An engineer by trade, Heather specializes in translating business needs and facilitating solutions to complex cyber and GRC use cases with technology. Heather has a Bachelor's in Computer Engineering, a Master's in Engineering Management, and a Doctorate in Information Technology with a specialization in information assurance and cybersecurity.