6 top tips to make cybersecurity training more fun


10 Jul 2018

Image: gNesher/Shutterstock

How do you keep your team engaged and alert to evolving cybersecurity threats? Mark Stevens of Digital Guardian has some tips.

Whether through malicious behaviour or inadvertent errors, employees are arguably the point at which sensitive data and systems are at greatest risk. A recent Crowd Research Partners report found that more than 90pc of organisations feel vulnerable to the insider threat.

In addition to using traditional training methods, businesses are increasingly looking for other more immersive solutions to help address this risk. This is where gamification can play a role.

Gamification is the process of engaging people and changing behaviour using game mechanics in a non-game context. Essentially, it’s taking what’s fun about games and applying it to situations that maybe aren’t so fun – like how to block the next hacker from infiltrating a company’s network.

Making cybersecurity training rewarding

Thanks to gamification, organisations are finding new ways to educate employees on the importance of cybersecurity, through gaming elements such as one-on-one competitions, rewards programmes and more.

Gamifying can make the training process more exciting and engaging for employees, increasing employee awareness of cybersecurity practices, including how to deal with attacks correctly.

Below, you can find six ways to use gamification to improve your organisation’s cybersecurity posture.

Recognise positive cybersecurity behaviours

Employees present a potent risk to the safety of sensitive company data. Through gamification, you can reward employees when they abide by the rules – this will encourage good behaviour.

With gamification, for instance, users could receive printable badges upon sending their first, 10th and 100th email without triggering a data security alert – leading to continued positive behaviour.

Once an employee has an impressive digital badge collection, incentivise them to continue the good behaviour through rewards such as gift cards or company perks.

On the contrary, if an employee continues to exhibit poor behaviour in gamification, it may raise a red flag within the organisation or warrant a need for further cybersecurity training.

Talk about data protection

Through gamification, an organisation can establish a new data protection language that encourages open dialogue among employees when discussing how to properly handle sensitive data – this is extremely important now that the GDPR is in action.

Instead of the topic being boring or rogue, workers are encouraged to talk about their achievements, challenges or lessons learned through the gaming system.

Increase frequency of cybersecurity training

Most organisations are aware that the most effective cybersecurity training occurs on a regular basis, repeatedly throughout the year.

However, a majority of businesses often don’t adhere to this training cycle, due to lack of time and resources.

Gamification allows employees to work on their lack of awareness and creates a sense of individual employee accountability about data hygiene, and ultimately changes long-term behaviour.

Engage employees

Staff should be encouraged to print and display their badges in their workspaces and engage managers to recognise their good behaviour by publishing a monthly leaderboard.

Through friendly leaderboard competitions and badge collections, end users are instantly engaged in the game – or training – at hand.

This increases internal communication and creates new relationships, improving employee engagement across the board.

Find cybersecurity talent

Not enough people are entering the cybersecurity workforce, and most firms are faced with vacancies. Organisations such as Cyber Security Challenge have been trying to tackle the talent gap by hosting yearly competitions, where players face simulated threat situations they must prevent using their cyber skills.

Winners are then offered lucrative job opportunities at large tech firms and government agencies who sponsor the challenges.

Audit to measure effectiveness

Of course, gamification is only effective if employees apply the lessons learned to real-world scenarios. For this reason, it’s critical that businesses measure the effectiveness of gamification at reducing real data risk.

Organisations should conduct regular audits and cybersecurity assessments within the organisation to determine which employees would still pose a risk outside of the gaming environment.

Gamification is great for positively reinforcing compliance among your employees. It reduces training time by encouraging your employees to learn as they go and develop good behaviour that will ensure a strong cybersecurity posture within your organisation.

By Mark Stevens

Mark Stevens is the senior vice-president of global services at Digital Guardian, where he is responsible for driving customer success across professional services, managed services, and support and training.