5 Enterprise compliance considerations, knowing 33% of employees are gaming and participating in sports gambling on their company PC.
Online gaming is now the world's largest entertainment industry, which exposes gamers to an increased risk of cyber-attacks. With many employees working remotely, much of this gaming happens on a company asset, which opens up a new exposure vector.
Being aware of, and accepting, the reality that employees will use a work PC for things other than work is the first step in protecting yourself and being prepared.
Top 5 Gaming-Related Risks
The “human firewall” is the final stretch of your security infrastructure, so understanding the top 5 areas of exposure will help to build compliance programs to reduce risk.
Malware – Gamers will unknowingly download malware in return for coins, cheats, or other ways to gain an advantage in the game.
Phishing – You will sometimes see phishers pose as a friend to create common interest and encourage others to download a malicious link.
Weak Password – Employees will often use the same passwords (weak passwords at that) for their gaming as for their professional applications.
Social Engineering – This can allow attackers to install software, monitor online activities, or launch attacks.
Lost productivity – There is potential for attention and time lost due to a lack of focus on appropriate activities.
The Potential Impact on Compliance
Leaving aside the obvious cyber vulnerability concerns, we should also be aware that in a study of 1,000 full-time workers, 80% reported playing during work hours, and the average lost productivity was 50 min per week.
50 min per week x 52 weeks in a year = Over 40 hours (AKA one entire work week) of productivity per employee. That's a lot of time lost!
How Enterprises Can Respond
Decide as an organization whether you'll allow gaming on corporate assets. Once that decision is made, create your gaming policy and distribute it to all employees.
Ensure that you are compliant with all of your regulatory requirements – check out this solution for ISO 27001 Compliance.
Manage your exposure by having a Risk and Compliance solution, such as 6clicks, in place.
Have an Incident response playbook – example here.
Conduct internal audits and assessments – check this solution out.
Train employees on things to watch for and how to protect themselves and the network.