HackerStop: a Danish IT security tool

HackerStop is a Danish initiative, designed to support the digital maturity of small and medium-sized enterprises (SMEs). The HackerStop tool and platform can be used by SME managers and executives to help measure their employees' IT security awareness, and make their online processes safer. Born in 2022, the tool has already gathered impressive results, which Dansk IT has diligently collected. The HackerStop tool and platform are supported by the Danish Industrial Fund, and carried out by Dansk IT in cooperation with the NBI. Let's dive into why HackerStop is needed today.

Background

As a company, it is essential to protect sensitive information and data from unauthorised access. But it is not enough to have the right technology and software in place if employees are not aware of the basic safety principles underpinning its use. In other words, IT security should be a common concern, and not something employees can relate to when prompted.

This is easily achievable for tech giants and large companies, but what about SMEs, and Danish SMEs in particular? And indeed, the majority of Danish SMEs struggle to assess their own level of digital safety and maturity. Smaller companies see this as an overwhelming task: they don't know where to start, they lack internal resources and are also less likely to hire expensive business development consultants. This means they are unable to implement heavy safety frameworks such as ISO/IEC 27001 and the D-label. And even though it is common knowledge that up to 90% of all security breaches occur due to human error, in cybersecurity there is still the greatest focus on the technical measures and implementation of heavy frameworks and processes.

Improving security: it's all about HackerStop

Enter HackerStop!

HackerStop offers a platform that can be tailored based on individual assessments, and helps to create continuous awareness of IT security amongst employees. Anyone can create a free profile in HackerStop and complete a personal or company survey. To conduct an assessment, one has to go through a number of questions focusing on various aspects of IT security: like phishing attacks, malware, data protection policies, and the basics of a secure IT behaviour. Employee feedback is logged anonymously and the questions can be taken at one's own pace. The questions then lead to a tailored report and analysis of possible security gaps and weak points in the company's IT security strategy. Finally, suggestions and recommendations to improve based on tailored results, are given. By recognising staff efforts in improving security awareness and behaviour, companies can create a culture where cybersecurity is a priority for all employees. Some key aspects:

The tool is free for measurements of up to 100 people.
Up to 10,000 people can be assessed at a time.
The survey contains 35 questions that can be answered in 5-10 minutes.
Data is valid because users answer honestly as their answers are anonymous. A measurement can be set up so that it runs every year, in this way the development is measured over time.
There is the possibility of anonymous feedback and dialogue between those who have answered the survey and the person who has sent out the survey.

Why is this a good practice?

Since its launch in January 2022, HackerStop has achieved some impressive results in getting organisations to take part in measuring their employees' digital maturity and cyber awareness. More than 400 different companies across 79 industries have registered and tested out the tool, with more than 17.000 individual users already on board. With 400+ company surveys completed, the tool's anonymised data gives some cross-cutting insights from virtually all industries and sectors.

The initiative has also succeeded in building a professional community amongst the so-far users of HackerStop, fostering knowledge exchange through biannual meetings, where partners, certified advisors and users can share best practices and relevant news.

The methodology behind HackerStop is particularly unique, and stands out from other tools used for the same purpose in the following ways:

What employees find most important and interesting is part of the overall result – because when initiatives for change are initiated, the greatest success is achieved when the interests of people are taken as their starting point. The surveys are anonymous, and it is not possible to see if an employee has answered the survey, because anonymity provides honest answers and a good insight into the company culture.
It is measured over time so that the development is seen over time.
Companies can add their own questions.
Employees can give feedback and it also allows for anonymous dialogue with the employee. It provides insight into the culture and where to focus first efforts.
After completing the measurement, there is a very easy and intuitive tool that provides a good overview for everyone regardless of background and you can dive into the report and geek out in the smallest details.

The HackerStop framework is qualified by volunteer experts in Dansk IT's professional council for information security and other strong players and is thus based on the best experiences in relation to both cybersecurity, behavioural design and change management – precisely what makes HackerStop something very special.