BUILDING SECURITY AWARENESS THROUGH FUN & GAMES
A Case Study on Information Security Training for a Retail Major
Rapid eLearning Solutions to Fast-Track Employee Learning
Train your learners anytime, anywhere, in any format, on any device!
THE SUMMARY
The Challenge: To develop an effective Information Security training for employees to recognize, rectify, and report security risks.
CommLab India’s Solution: Scenario-based eLearning with gamification where learners were asked to respond to different potential security threats they could face at the workplace.
The Result: The gamified question-driven approach made for a highly engaging fun experience, effectively increasing employee awareness on different security threats and how to handle them appropriately.
THE CLIENT
Our client is a retailer and distributor of food and pharmaceutical products. With corporate and franchise supermarkets, pharmacies, banking, and apparel, the company is Canada’s largest retailer. Its portfolio of drugs, groceries, wireless mobile products, food items, apparel, health and beauty products, and general merchandise provides customers with an unparalleled mix of value, assortment, and convenience. With nearly 1,400 stores that operate under 22 regional and market segment banners, and more than 200,000 employees employed at its various locations, the company aims to provide the building blocks to help their customers create the best life and future that they can.
THE REQUIREMENT
Given the nature of their business, the organization had access to large amounts of different types of information. To counter the risks of information security breaches, they had a training program in place for employees to recognize, rectify, and report risks as appropriate.
The training that was aimed at all their employees was in the form of a mandatory eLearning course that discussed the various ways through which data could be compromised. But when the employees participated in a Security Awareness challenge (after completing the Information Security eLearning course), it was found that most of them did not retain the learning from the course.
So, it was decided to revamp the training content, making it more engaging and relevant, through scenario-based challenges. The main objective of the course was for the learner to identify secure and unsecure practices, and respond appropriately. The requirement, therefore, was for a ‘question-driven’ course, where learners had to apply their understanding of information security to answer different scenario-based questions.
The brief also included translating the English course into French.
THE SOLUTION
As the objective of the course was for learners to identify and respond to unsecure practices, CommLab India decided on a ‘story’ approach “a day in the life of an employee” where the learner follows the said employee as he is faced with situations (in the form of mini scenarios) that they are likely to face in their day-to-day work (e.g., “Employee gets to work but forgot pass card. What should they do”).
These 16 mini scenarios would set the stage for a variety of information security threats that learners might encounter while performing their professional duties. Each mini scenario would be followed immediately by challenge questions related to that scenario.
The course opens with an introduction to information security and the role of employees in preventing security threats. After that, they are asked to choose the persona that represents them based on their potential for risky behavior from 4 given personas – Risky Renee, Carefree Corey, Delusional Donnie, or Vigilant Vicki. As no one considers themselves as risky, delusional, or carefree, most if not all learners choose the character of Vigilant Vicki to best represent them.
A background story ‘a day in the life of the (fictional) employee’ runs throughout the course, with the 16 scenarios woven through it. The learner is supposed to advice this character (Jake) on how to respond to a variety of information security threats that he encounters during his working day.
Learners are presented with 16 scenarios (on phishing, security incidents, acceptable use of corporate devices, and passwords), each followed by a question on what Jake should do in that situation. The questions are aimed to test learners’ understanding of the threat to information security in the context of the scenario and help them apply what they have learned, in a way that they can relate to and remember.
A gamified system in the course keeps track of the ‘information security’ score, which goes up or down based on the learner’s answers, and a security dial indicates how safe the learner is. Finally, based on the learner’s choices and scores, his/her behavior is matched to one of the 4 personas they were shown at the start of the course. Their final persona and score also decides whether they need to retake the course.
The tools used to create the course included Vyond (for the characters in the scenarios), Flash (for the introduction video), Adobe Illustrator (for the score meter), and Photoshop. The course was developed in Storyline 3.
A project manager, two instructional designers, two courseware developers, and a visual designer worked on the course. Our ID team found it challenging but fun to create the different scenarios and weave them through the background story as a day in an employee’s life.
We could complete the entire project (the English course and its French version) in about four months.
THE RESULTS
The course was very well received and helped create awareness among employees on the different types of threats they might face and how to handle them correctly.
Rapid eLearning Solutions to Fast-Track Employee Learning
Train your learners anytime, anywhere, in any format, on any device!
THE REVIEWS
Here are a couple of reviews on eLearning Industry from the stakeholders.
Rapid eLearning Solutions to Fast-Track Employee Learning
Train your learners anytime, anywhere, in any format, on any device!