How Deluxe leverages fun to enhance its security posture

Here are a few ways Banks shared that help Deluxe maintain its own robust security posture through trainings:

1. Marketing-centric approach

Strengthening your organization’s “human firewall” requires more than traditional training methods, which are often seen as dull (and thus, ineffective). For cybersecurity training to be impactful, focus on fun, engaging tactics.

“One of the things that we did was a play on my name – Clarissa,” Banks shared. “If you remember back in the nineties, there’s a show called ‘Clarissa Explains It All,’ and we had a really fun campaign [developed around] that.” From dressing up in 90s-centric gear to videos and activities based on the TV show, Banks’ team developed an entire campaign for Cybersecurity Awareness Month to make training more fun and resounding.

2. Gamification

Banks’ team also puts out monthly phishing simulations based on current news to help employees relate real-world scenarios to cybersecurity, improving their detection skills.

“We use recent news articles and topics to trigger people's memory,” Banks explained, noting how this connection to real-world events encourages good practice in detecting phishing emails. By keeping the training dynamic and relatable, employees are more likely to engage and retain crucial information.

3. No “gotcha” moments

Encouraging proactive participation in security practices through positive reinforcement is far more effective than punitive measures.

“Punishment is not a preferred way to incentivize folks,” explained Banks. Instead of punishment, use rewards, such as a ‘wall of fame’ that highlights departments that excel in spotting and reporting phishing.

“It’s an ongoing incentive to be a good cyber citizen,” Banks said. This approach fosters a culture of enthusiasm and accountability around cybersecurity. Recognizing and rewarding good security practices encourages ongoing engagement and commitment.

4. Consistent communication

Effective, ongoing communication is key to keeping security messages fresh and engaging. Banks’ team utilizes various methods of communicating, including emails, chats, and in-person sessions. She’s not afraid to branch out into more creative formats to deliver security messages, too.

“Another example I've done before is rap videos,” Banks shared. “It’s a very non-traditional concept, but for various audience, it tends to resonate." Tailoring the delivery to resonate with different audiences within the organization ensures that everyone can relate and stay engaged.

5. Awareness of emerging threats

Staying aware of recent cybersecurity trends is another good defense. A recent example of these trends is the increasing use of generative AI to bypass security measures and create convincing phishing attacks. Employees should be vigilant about external emails, carefully checking sender details and being cautious with unexpected requests or links. Regular updates on emerging threats help maintain an elevated level of awareness and preparedness.

6. Encourage good security habits at work and home

Simple yet effective security practices are essential for protecting both personal and corporate accounts. Here are some key tips Banks shared:

• Use a password management tool. Avoid password reuse by using password management tools like LastPass or 1Password.
• Longer is better. Create strong, unique passwords for each site, with passwords being 16 or more characters long. If you struggle with this, Banks suggests adding the site name the password applies to into the password itself.
• Enable Multi-Factor Authentication (MFA). MFA is crucial for securing accounts, providing an extra layer of protection.
• Complete phone updates as soon as possible. Software updates generally involve increased security measures or security fixes, so keep devices updated to safeguard against vulnerabilities.
• Be smart when using public Wi-Fi. Use VPNs on public Wi-Fi to ensure secure communications. Only visit websites that begin with “https,” and turn off sharing settings for files, devices and public folders.

These practices are fundamental and can significantly reduce the risk of security breaches.

Key takeaways

Organizations can strengthen their “human firewall” through fun, interactive activities that encourage healthy security practices through positive reinforcement. This high-engagement strategy promotes better retention rates, and positions cybersecurity as a habit rather than a chore.

By integrating these strategies, organizations can create a comprehensive and engaging cybersecurity program. This not only enhances the overall security posture but also fosters a culture of initiative-taking security awareness throughout the organization. As the cybersecurity landscape continues to evolve, staying ahead with innovative and effective practices will be key to safeguarding your organization's assets, data and privacy.