How Gamification Improves Cybersecurity Coaching
How gamification improves cybersecurity training
Cyber security is one of the most challenging types of training. Employee negligence has long been recognized as the greatest cybersecurity risk [1] For companies. Following cybersecurity protocols lowers the risk significantly, but companies find it difficult to convince employees to remember these practices and actually implement them. Good training is key to getting employees involved in cybersecurity. However, good training in this area is difficult. People tend to get stuck in their everyday internet habits and not understand what the big deal is when they use a less secure file transfer option or dive into corporate servers without a VPN. It is difficult to motivate employees to pay attention to the protocol and to integrate it into their daily work.
Can you imagine employees changing their work habits after watching a boring video and answering some quiz questions? Neither do I. This is where the benefits of gamification come into play. This type of training is particularly useful for changing users’ daily habits.
Understand gamification
Gamification is basically what it sounds like. It turns the user’s learning experience into a type of game that motivates users to “play” – and even compete against other users – with badges, levels, points, fun graphics, and interactive games. One of the first major mainstream applications of gamification was the Habitica app [2], an open source project that turns the boring chore of developing healthy habits into a full-fledged community-based RPG game that includes custom characters and fighting monsters. Founded in 2013, Habitica has attracted over 4 million users achieving goals from drinking enough water every day to tracking the progress of their work projects.
Gamification has since found a wide variety of uses, including in the eLearning environment. It can be as complex as Habitica, or as simple as giving “badges” to users as they complete tasks.
While gamification may not be the best model for all types of training – for example, there isn’t much to play in order to learn complex IP concepts – there are many uses for gamification in the eLearning environment. Habit building is one of the most successful uses of gamification, making it perfect for cybersecurity training.
Gamification can increase motivation
As motivation increases, it can be about redefining how you view a task, and gamification can do just that. Cybersecurity training is seen as a slog, but gamification can rephrase it as a novel challenge. For example, a score ranking can establish a playful competition between employees. A simulation game in which users must prevent a disaster by making the right decisions can add challenging fun to the work day. A game that users interact with on a daily basis and track their cybersecurity gains can offer a daily dose of cybersecurity-related dopamine.
As stated in this article about gamification and motivation at UX Planet [3]”People have an inherent tendency to look for novelty and challenge.”
The trick is that gamification needs to be thought out. Published as a study in the journal Computers in Human Behavior [4] All legacy gamification has been found to be not necessarily effective, but elements of gamification help make assignments feel more meaningful – exactly the kind of effect companies look for in cybersecurity training.
Finding a training partner with experience in creative and effective gamification is key to being successful in cybersecurity training.
Gamification increases the preservation of knowledge
The storage of knowledge is a special topic in cybersecurity training. There are many everyday tasks that users are likely to consult a manual or ask questions if they don’t remember something. However, in cybersecurity, if users don’t remember what actions increase risk, they can’t stop taking them. Additionally, cybersecurity best practices seem particularly prone to employee forgetfulness. According to a 2016 survey, 40% of executives are [5] They don’t fully understand their own company’s cybersecurity protocols. If even the executives don’t know, how do the rest of the workforce hope to prevent the cybersecurity risk?
It just makes sense – more engaged learners will remember their study sessions more. But there is more to it than that.
Science shows that frequent feedback helps users retain their knowledge better. Harvard researchers found that frequent testing kept learners focused and increased knowledge retention.
Gamification is usually filled with this type of frequent feedback. When playing simulator games, things go wrong when users make the wrong decisions. When using a leaderboard, users can instantly see how their performance is compared to that of others. When using badges, users can quickly find out whether or not they have reached the next level. Users learn instantly when they’ve done something wrong and have the opportunity to “play again” and get it right. This creates plenty of opportunities for frequent feedback in a way that is fun, not punishing.
In addition, various studies have shown [6] This gamification has a positive effect on the preservation of knowledge in a learning environment. Because knowledge retention must be a focus of cybersecurity training, gamification is an excellent choice for a cybersecurity training program.
Gamification is measurable
Just because gamification is fun doesn’t make it any less serious for a training tool. Given the way gamification tracks users’ progress based on points, scores, and leaderboards, gamification is highly measurable. This makes it a great option for companies that want to closely track the progress and improvement in cybersecurity awareness among their employees.
Effective reports and analysis are incorporated into a well-designed gamification program. Gamification can provide insightful data on learning behavior and training engagement. Working with a gamification professional will help you understand how best to develop your program to capture insightful, meaningful data about learners.
Gamification is a natural addition to cybersecurity training
Cybersecurity training is an area where motivation and knowledge retention are lacking, although it is a key element in strategies to reduce business risk. Gamification addresses these issues head on, yet it is a serious learning tool that can provide rich data on learners and incorporate it as part of a larger training program.
With cybersecurity risk spreading, gamification is a worthwhile investment that will help maintain the integrity of your company’s computer systems. That’s an ROI that’s hard to ignore.
References:
[1] According to the study, the greatest cybersecurity risk for US companies is employee negligence
[2] Motivate yourself to achieve your goals.
[3] Gamification: motivational model
[4] How Gamification Motivates: An Experimental Study of the Effects of Certain Elements of Game Design on the Satisfaction of Psychological Needs
[5] Cyber security is the job of every manager
[6] Can gamification help improve education? Results of a longitudinal study
