Tallinn, 16 May 2017

We are glad to publish the full review of Geenius.ee tech portal of CybExer Cyber Hygiene e-Learning platform that thousands of Estonian Civil Servants will now be able to undertake.

Review is authored by Hans Lõugas (Geenius.ee)

Estonian company CybExer Technologies has developed a web-based tool, which will help people and organizations understand how their own behavior could result in a cyber threat incident in the form of hacking, data leak or attack. In May, tens of thousands of Estonian officials will start taking it, and Geenius editor’s office had an exclusive opportunity to evaluate their risks and see what such testing implies.

You cannot fail at this test, but it will show your weaknesses

How many of our workers would plug a memory stick found in the elevator into their computers? Or do they know what a screen privacy filter is?

To get the sincerest responses and to avoid naming and shaming anyone among the staff, the results of individual test-takers could only be seen by the editor in chief. In total, six Geenius employees completed the test, and one left it unfinished (a separate discussion with that person will take place later). Overall, the test, divided into several parts, took more time than a coffee break but less than a lunch break.

In addition to making people mentally rehearse real-life situations, the most efficient feature of CybExer’s test is the ‘radar’ of results. It means that no-one will be getting points, for instance, ranging from 1 to 5 like in school or ‘fail’. Instead, the risk level across various areas will be displayed: for example, personal attitudes and approaches of individuals will be assesses as well as their knowledge and how cyber security is fostered within the organization, and so on.

Our best result among all the test-takers was the following:

The test-taker’s cyber security risk level in all dimensions was 0% (the Social Media is displayed as an example). Photo: screenshot

Of course, we did not achieve such a figure in the organization as whole. We are not going to tell our readers what Geenius’ risk profile looks like in detail (by the way, the test does not have a situation in which a person would publicly disclose their CybExer cyber hygiene test results). in some areas, our risk levels have proven to be surprisingly high, but these can be associated with journalists’ duties.

It was especially good to know though that our lowest risk level (meaning that this is what we are the best at) characterizes our cooperation: people are willing to share information and become involved in ensuring security.

CybExer cyber hygiene test

So, what did Geenius journalists think about someone evaluating their skills in safe computer use?

Test-takers’ opinions: listen to the Digitund [Digital Hour] on the radio, and your score will be 90%

“The test is certainly extremely important, especially for people who are not exposed to information about cyber security on a daily basis,” one test-taker believed. “It makes on think about things we normally do not stop to consider, for instance, looking on the screen over someone’s shoulder or stealing confidential information.”

“What I can say is that you listen to the Digitund show, you will be 90% aware of such cases,” another test-taker said, emphasizing, that one did not need to be a ‘hacker’ or even read professional message boards to behave correctly in the described situations involving cyber security.

Another person thought it was very positive that the test covered a variety of issues, starting with Wi-Fi settings at home and down to phishing e-mails. “I liked it that the test can be completed by people who believe they have higher technology awareness than average and also those who are ‘weaker’ at technology and cyber security,” was the comment concerning the flexibility of the test.

As it always is in a group of people, some were happy with the test, and others, not so. One test-taker thought that the questions were too easy and apparently meant for children; weirdly enough, it was this person who displayed a risk level of 75% in one dimension. What did the test lack? “One topic I expected to see but did not was using cloud services: how to treat the storage of documents in Dropbox or cooperation with colleagues in Google Docs.”

CybExer: the test will keep evolving

“Feedback from users is very important for us, and it helps us keep improving the solution in terms of both content and functionality. We will certainly take feedback from Geenius into consideration during our future development cycles,” said Janek Gridin, member of the board at CybExer.

“Similarly to the ever-changing cyber-world with its threats around us, our questions and the study-aid part keep evolving to make sure that people’s awareness about the treats is high, and their knowledge is thorough. For example, if such ransomware attacks like WannaCry, which has wreaked havoc all over the world, happen more often, more attention will definitely be paid to this issue,” Gridin said. “The team of Geenius.ee took the test in the role of regular users; in addition to that, there are questions and study aids for specialists and management executives, which provide a comprehensive overview of the entire organization with various roles and areas of responsibility within it.”