Teaching Corporate Cyber Security With Gamification

Teaching Corporate Cyber Security With Gamification

Every year the number, complexity, and size of security breaches increases. It’s no surprise that in our constantly connected world with mobile devices, most people have multiple devices that can be exploited, many of them with a continuous high-speed connection to the internet.

These security breaches typically occur because employees lack cyber security training. Employees click on links from unknown senders, open attachments that contain malware, and go to websites that install malware on their devices. With an ever-increasing number of data breaches created by new security vulnerabilities and attack vectors, it is more important than ever for employees to receive regular training on cyber security. However, sometimes this doesn’t happen because of one fundamental problem.


Why Is Corporate Cyber Security Training A Problem?

The problem is that people don’t want to sit through another boring class to discuss the same old tactics for dealing with cyber security issues. In many cases, they’ve got a job to do and they want to get back to it as soon as possible. Another lecture isn’t going to motivate employees to remain vigilant of cyber attacks.

Using gamification gives companies another way to make cyber security training more interesting for employees. Gamification uses game mechanics within a non-game context to make training more engaging. It uses psychological principles like personal achievement, competition, and rewards to generate emotions and help motivate people.


Increasing Awareness with Employees

In order for cyber security training to be effective, it needs to be reinforced throughout the year. While your designated cyber security person may be concerned with the latest trends, it can be more of a challenge to get board members and other employees to take action. Using training with gamification, you can increase awareness of corporate cyber security issues, while making it more interesting.

Training with Gamification

Let’s be realistic, people get tired of hearing the same speech with the same bullet points every month. Videos aren’t much better since they offer the same information, and there’s no way to track if the knowledge is being applied in day-to-day operations.

This is how gamification can help. According to The Next Web, “The lack of incentive in carrying out security measures is a contributing factor to employees and executives letting their guard down and paving the way for security breaches.”

An Easy Gaming Scenario You Can Start Today

One way to implement gamification is to allow employees to earn a badge when they report an attack. Examples of an attack could be an email from an unknown source, a questionable pop-up while browsing the web, or a phone call asking for access to the system.

While endpoint security software like SentinelOne will help reduce the risk of an attack, make sure your employees understand that remaining vigilant with cyber security issues is an important line of defense. Every time an employee reports a cyberattack using the designated method, they get points toward a badge. You can incentivize employees to continue gaining badges with gift cards. You can also track the employees with the most badges using a leaderboard to encourage participation.


Endpoint security software can also play a valuable role in the gamification. Every time an attack occurs (i.e. an employee’s machine gets infected because of an action they take) and it is not reported, you will get a better understanding of who needs additional training.

Salesforce tried a similar program and got great results, with participants 50% less likely to click on a phishing link and 82% more likely to report a phishing email.

It’s also important to get employees to open up about corporate cyber security threats. It can be embarrassing for employees to admit that they played a part in the attack. However, it is imperative that they report the situation as soon as possible. Create an open dialogue with employees to talk about the proper ways to handle your company’s sensitive data.  Encourage them to talk about achievements and challenges they’ve had.

You should also conduct regular audits and assessments to give you a better idea of which employees may still pose a risk to your organization and are candidates for additional training.

Gamification Conclusions

Don’t wait until you’ve been attacked to get your cyber security training in order. Start today. Once you’ve done this, implement gamification into your cyber security strategy.

Without making cyber security training interesting, some employees may not be diligent in their efforts to stop attacks. Using gamification allows companies to increase awareness while at the same time increasing each individual employee’s accountability for their cyber security actions.