September 25, 2020

The Solution To Security-Awareness

Since breaches are almost exclusively human error, the most important line of defense is training, says NINJIO Founder Zack Schuler.

By Susan Belknapp, California Business Journal.  

The amount of money U.S. companies lost from online security breaches and cyberattacks in 2018 was $654 billion.

Expect similar results this year.

Businesses feel the intense brunt of the damage in lost revenues, irreparably harmed reputations and tens of millions in possible fines and fees. Small to medium-sized businesses can be – and have been – wiped out entirely.

The irony is that 95% to 98% of the time, it is an individual who is responsible for allowing the hack to happen in the first place. Hackers are experts at fooling unsuspecting and untrained workers into clicking a dangerous link. They use human curiosity, habit and complacency to fool people into clicking. That “one click” can not only wipe out companies but – as we’ve seen – it can infiltrate the personal information of hundreds of millions of people worldwide. Remember Target? Equifax?

Since the breach is almost exclusively due to human error – and hackers will continue to create new and creative ways to fool people – the most important line of defense is training. Employees must receive specific, targeted training with continued reinforcement to protect their companies and consumer information.

Enter NINJIO, the brainchild of Zack Schuler, who calls his company a “gamified security awareness” training system that operates on these principles:

–People learn through storytelling and visuals;

–The shorter and more concise the message, the more individuals retain;

–Frequent reinforcement maintains a high level of awareness; otherwise, individuals revert to old habits.

This is a connection Schuler made during downtime after selling his first company. “I was feeling adrift,” says the self-proclaimed “computer geek” who came of age just as the home computer industry made its debut. His dad had his own business and Zack became “computerized” very early on.

As the industry took off, so did Schuler. After receiving a degree in business with a marketing emphasis, he studied Microsoft certified networking. It was actually a certified systems engineer that gave him the skill sets to excel. Soon, he launched his first business, Cal Net Technology Group, which grew to 90 employees and $90 million in annual revenue. He sold the firm, yet quickly realized that retirement wasn’t what he had in mind.

“The life of leisure wasn’t for me,” he says with a laugh. “I went golfing every day for two weeks straight and got worse every round,” he says. “I felt I didn’t have a purpose anymore.”

One day he came across an article about the state of security awareness. “It said 95 percent of hacks were successful because of human error. I thought, ‘That is a big number – wouldn’t it be great to solve that?’”

He dove right into studying the industry and he soon recognized that training was being done as a compliance exercise “because somebody was required to do security awareness training,” he says. “The course requirement would be satisfied but nothing would get solved.”

He pauses and adds: “If you’re going to be using a CRM system in your job every day, you need to learn it,” he says. “But with security awareness, if you don’t really learn it, no one can tell. So you have to incentivize people to use it. I saw an opportunity here and needed to flip it on its head. I asked myself, ‘If I needed to learn it, how would I want to learn?’”

First thing he decided: no boring lectures. It needs to be consumable, enjoyable and done in increments small enough to process without getting bogged down or distracted.

“You can’t have an instructor saying, ‘Do this. Don’t do that. Click here. Don’t click there.’ I was determined that education through storytelling works really well. I knew that was it. We must come up with good stories and create trainings that are only three or four minutes long. That’s a micro category and they have to be frequent to reinforce and keep security awareness top of mind.”

Schuler hired a creative writer with television-writing experience as a business partner: Bill Haynes, a former criminalist turned television writer with more than 72 credits to his name, particularly “CSI: NY” and “Hawaii 5-0.”

The techniques NINJIO uses to make training more tangible begin with the company building every unit around a real company that actually lost millions of dollars due to poor security awareness or a breach.

“We tell the backstory about how the company got hacked,” Schuler says. “And we didn’t always know exactly how, so we relate it to a current security vector to help illustrate what we’re teaching.”

In just over four years, NINJIO has more than one million monthly viewers and 400+ clients. The company is now branching out to include human resource films to teach sexual harassment policy. Those can be notoriously awkward, particularly with live-action production and amateurish acting.

Its most-recent product launch is NINJIO SMB, which offers a revolutionary solution for small- and mid-sized businesses for protection. “While cyberattacks can devastate large businesses, they can destroy small ones,” Schuler says. “I had a friend lose everything as a result of a $250,000 wire fraud scheme. I’m determined not to let that happen to others.”

Copyright © 2019 California Business Journal. All Rights Reserved.


Latest comments

  • Agree. Great all the way around

  • Terrific article! And a great Business training model to combat the crazies.
