It’s not easy getting employees to appreciate cybersecurity. It’s not enough that cybercrime costs billions of dollars a year, or that its impact can be mitigated with good practices. Training them and making them understand the importance of their actions (or inaction) is the deciding factor. And to achieve this, we might resort to a tool that we may never have heard of: gamification.
What is Gamification?
Gamification is a method that uses different techniques to improve the learning system. It is, of course, associated with pedagogical teaching in children, but it is increasingly applied in other fields. For example, in companies, where gamification can be used to train workers or even customers more effectively. Although the term “gamification” first appeared 2008, the concept it describes is an inherent characteristic of human learning.
In gamification, there are specific rules and mechanics that must be respected, as if they were part of a game. The reward for playing by the rules consists in a system of levels and scores. This generates a game dynamic that helps acquire a specific discipline. It also creates more efficient teaching. But how does this affect a company?
Innovation with Games
Despite many companies’ reluctance, the fact is that gamification is an incredibly effective system to get workers to learn and follow established rules. Currently, giants such as Ford Motor Company, Deloitte, and PwC, to give a few examples, are implementing these techniques with excellent results. The technique helps keep employees more involved, especially the younger ones and new talents, as studies show. Gamification can, as we will see, also apply to best security practices.
How to Gamify a Cybersecurity Education Plan
Employees can, and should, acquire the skills to identify a possible security breach. Gamification can help the IT department to mitigate and prevent threats. It can also help to create a “security culture” among employees.
To design a good gamification program, first we need to think about the content we manage. Enriching language, goals, and media. For example, avoid dry presentations, nitpicky technicalities, and unintelligible chart flows. Simplify and focus on what is important: the action to be carried out.
The next important point is to generate interactive material with games-based dynamics, which has proven to be 77% more effective than traditional learning and can be used in almost any context.
Finally, scoring systems, rankings and recognition are very effective. You can also dress the rewards with physical incentives: prizes, money, opportunities, etc. It’s important to be careful not to undercompensate the effort employees are making to “play the game”. The end goal is to educate, something which, it turns out, becomes much more effective when learning is part of a game. If we know how to use it properly, the potential it could have when it comes to ensuring the safety of our company is huge.