How Gamification Can Transform Cybersecurity Training

By Sarah Byrom, Founder of Sarah Byrom HR and financial HR consultant for Construct.

With cyber security threats becoming more advanced every day and businesses becoming increasingly susceptible to phishing scams, the need to remain safe online is more important now than ever before.

Fraudsters, posing as online banking employees, relatives, and even co-workers, frequently trip up even the most experienced of workers, phishing for bank details and even demanding money through ransomware programs.

A new report by Tessian Research, the Psychology of Human Error, found that more than one in three (36%) employees believe that they have made a mistake at work that has compromised security in the past 12-months and that over half (56%) had clicked on phishing emails that appeared to have come from inside their organisation.

With more Brits working from home than ever before, training employees to recognise these scams is becoming increasingly difficult, particularly for those businesses handling important data and financial information; however, cybersecurity training hasn’t always been the easiest topic to deliver.

By use of technology and novel training methods, such as gamification, not only do rates of knowledge retention increase, but businesses can develop compelling games focused on realistic security issues for their employees, providing immediate feedback on their responses in a safe environment.

Sarah Byrom, Founder of Sarah Byrom HR, a financial HR consultant for Construct, discusses the cybersecurity challenges facing those in the financial services and how cybersecurity training through gamification could be the solution.

Individual training

More cybersecurity professional development courses are being offered every year as employees and businesses are faced with advancing threats, but it’s important to consider how effective these courses are in arming those on the front line with the tools they need to evaluate threats.

Gamification can do so much when it comes to delivering compulsory training, especially where cybersecurity is concerned, and with something as serious as risks to financial establishments, a lot of workers struggle to admit when they’ve made an error in judgement for fear of negative consequences, be that to the business, their customers, or to their own careers.

Most employees don’t have the time to do some of these training courses, which leads to some elements being neglected and, in turn, a lack of attention towards topics that are incredibly important, such as safe online working.

Giving workers the opportunity to undertake training in their own time and at their own pace does wonders for engagement in such a vital topic and allows them to learn in a safe environment without having to encounter any real risk.

Having a space in which employees are able to test out their responses to cybersecurity issues without fear of being disciplined or putting client’s financial records at risk is so important for those who are likely to encounter these issues in their working day.

When these real-life situations appear, those that have already experienced the protocol and procedure of a cybersecurity attack are more likely to respond in a calm and collected manner, reducing the risk to the company, and improving confidence in their ability to ward off any incoming threats.

By gamifying the training and generating engaging games that provide all the key information, you’re much more likely to hold their attention. It makes it something that colleagues will enjoy and re-use when they need reminding.

If they can undertake these fun training sessions at their own pace and a time that suits them, then it’s no longer something teams will worry about, but rather an opportunity for workers to take control of their own career and development while gaining the confidence to be able to identify these risks.

Informing Future Practice

With many multinational companies’ workforce spanning different continents and countries, and increasing numbers of staff working from home, tools employers can use to connect teams remotely are more important than ever for those in the financial sector.

When you’re faced with barriers to collaboration, it’s not always easy to connect and share ideas and learnings.

Using online tools, such as gamification, can not only showcase the varied problem-solving skills within each region, but can help teams connect and learn from each other. Showcasing how these separate entities react to cybersecurity threats can inform a firm’s practice moving forward, offering new solutions to an ever-evolving problem.

It can be quite off-putting to have to download software onto every employee device in order to run these gamification tools, but now that’s not even necessary.

Some of these gamification software providers now utilise web-based programs, allowing companies and users to build and run these training games. This gives individuals the opportunity to access materials across systems, platforms and without the unnecessary downloads.

Technology is always developing and is fantastic at bringing people together, so being able to use something like gamification to do this, and to simultaneously help solidify a firm’s defences, in a fun way is even better.

We know that cybersecurity issues happen worldwide, and some threats might be more region specific than others.

By using gamification tools to test out techniques and report novel threats across multiple workplaces, directors can even pre-emptively prepare their teams for new methods of attack, allowing a firm to become more proactive in their approach rather than reacting to threats on the backfoot.