Gamify Your Security Culture for Higher Engagement


Data and system security are top-of-mind for most business leaders as tales of breaches seem to emerge almost daily, impacting even some of the biggest companies—including tech companies.

Employees, of course, play a key role in helping to protect company, customer, and third-party data. But it can be hard to engage employees in the process, especially when “IT speak” can often be dry and challenging for non-tech staff members to decipher. The likelihood of their tuning out can be pretty high.

That’s where gamification can come into play.

Why Employees Are Drawn To Gamification

There’s research to back up what most of us recognize intuitively. Playing games is fun and learning occurs through the process of playing. For instance, Zippia reports that:

• Employees experience an average 48% increase in engagement when involved in work that involves gaming.

• 70% of the world’s largest companies use gamification in some way.

• 72% of people surveyed say that gamification motivates them to work harder on the job.

Another big benefit of gamification is that feedback can be provided instantaneously, and in most cases, employees can feel free to “play” on their own schedules. Results can also be aggregated and shared, helping employees see how they’re doing compared to their peers.

Using gamification elements like mini-games, point systems, leaderboards, and badges can increase participation, engagement, and results.

Gamification and Data Security

It’s fair to say that data security training is likely to fall near the bottom of most employees’ lists of “training I look forward to.” It doesn’t have to be that way. Too often, IT training efforts are laden with lingo many employees find hard to grasp or delve into details that most employees don’t need, and fail to provide feedback for reengaging to boost scores and understanding.

Gamification can help here by offering a more interactive experience for employees in ways that draw from best practices perfected by the gaming industry. Gaming can be addictive. Wouldn’t it be great if just a small percentage of that potential for engagement could be applied to corporate IT security-related training efforts? It can be. Security training can be entertaining, incorporating points, competition, immediate feedback, and on-demand opportunities to improve scores over time.

Phishing attacks—an especially pervasive form of risk—offer a great way to leverage aspects of gaming while teaching employees valuable lessons about what to avoid and how to spot it. Phishing security tests can be used to send false emails to employees that look like they’re from trusted staff members (the CEO, for instance) or suppliers, but that contain certain clues and red flags employees have been taught to look for. HR and IT can collaborate in responding to and sharing the results of these tests, creating realistic learning opportunities for everyone.

Training can also be made “fun” by instituting an element of gaming and competition into the training modules. Taking a video game, quiz, or even Wordle-type approach to elements of training can ensure engagement—and boost the odds that employees are more likely to proactively engage with these modules in the future. In addition, this type of gaming and competition can spur internal conversations, helping to further spread the learning.

Consider how these different opportunities for engagement can boost security awareness among employees—the role they play in protecting company assets can help minimize the potential for data breaches.

Bests Practices in Engaging Employees Through Gamification

Not all gamification efforts are equally engaging or effective, of course. Here are some best practices that can help you ensure maximum effectiveness for your security training efforts.

1. Get Visible Support From The C-Suite

When the C-suite visibly participates in and promotes security-related gamification activities, employees are more likely to participate. It’s even better when leadership is willing to share their own results—even if the results aren’t stellar. This helps to send a message of “we’re all in this together” and we all have something to learn.

2. Consider Offering Incentives

Including incentives for “top scores” or other results can also boost engagement. These don’t have to be excessive—even a $5 Starbucks gift card could be incentive enough to spur employees to participate and try harder when they do.

3. Involve Employees In The Process

Ask employees to become even more involved in the gamification process by encouraging them to share ideas, draft quiz questions, devise challenges, etc.

4. Avoid The “Blame Game”

While sharing results of gamification efforts—phishing attack simulations for instance—can be instructive, be sure to take a positive rather than a blaming approach when announcing this information. The goal isn’t to humiliate but to help employees learn in a safe environment to avoid potentially risky practices in real situations.

From a training and development standpoint, the pendulum swings far to the side of opportunity as organizations consider ways they can create better engagement and learning experiences through gamification designed to offer interaction and maximum participation for the best results.



Source link