When it comes to data centers Dell, Microsoft & Intel are top of mind for most geeks. Trouble is, there are so many hardware, software and chip technologies that it's tough for Sales reps to know which solutions are best for building and protecting a large data center. So we need to educate Sales reps about the security features and benefits of Dell's hardware, Microsoft's software and Intel's chips.
We came up with a strategy-based training game that challenged reps to build and protect the ultimate data center. After using their initial budget to set up their data centers players earned money when their centers quashed attacks and fended off viruses. Failure to defend their data centre cost players big!
At the end of each round players could use the money they earned to buy new gear in preparation for the next round. Through game play players learned the cost, features and security benefits of each product.
As Dell, Microsoft & Intel had already spend the money to develop the game we figured, why not wring every bit of value out of it we could! To help educate potential buyers we rewarded reps for sharing the game with their clients and prospects.
As a result of two separate data breaches Employment & Social Development Canada (ESDC) hired Gartner Research to conduct an audit to identify the department's information security vulnerabilities. One of the key recommendations in the resulting report was that ESDC should invest in employee training. They needed to ensure that its employees were aware of the the importance of information security ("info-sec") and the grave risks associated with a data breach. Easier said than done.
To create a successful training program ESDC needed to overcome a few significant challenges.
The first challenge was to change employee attitudes about information security. At ESDC, as in many other organizations, most people assume info-sec is IT's job. Consequently people have a hard time seeing how info-sec training is relevant to them.
In addition to changing prevailing attitudes ESDC needed to raise awareness and comprehension of their info-sec protocols among their 23,000 geographically dispersed employees. Adding complexity was the fact that ESDC is the number one provider of services to Canadians, which means they handle massive volumes of diversely classified data.
The last, and possibly biggest, of these challenges was to to make info-sec training palatable to its employees. The fact is info-sec content is pretty dry stuff. Nobody wants to carve time out of their busy day to learn how to securely handle information. To get ESDC employees engaged and learning we needed to do something special. Something gamified.
Rather than jump in with both feet ESDC wisely decided to run a pilot program to see if a gamified training approach could overcome their info-sec training challenges. For the pilot program we developed InfoShield, a multi-level training game that challenged employees to master ESDC's information security protocols in order to protect the organization against a data breach.
Prior to starting their first game users were asked to complete a baseline test. The test was designed to measure each user's general knowledge about ESDC's security protocols.
The game featured four different gamified learning modules, each designed to teach employees about a different aspect of ESDC's info-sec policies. Everything from document identification, classification, transmittal and transportation was covered. The game's final round challenged users to apply the knowledge they'd learned in previous rounds in a simulated real world situation.
Our deep analytics portal offers stakeholders multiple views for results analysis. The aggregate view helped ESDC stakeholders identify which modules employees were acing and which ones they were struggling with. The aggregate view also highlighted organizational knowledge gaps so ESDC could up their training efforts in those trouble areas.
In addition to the aggregate view the portal provides individual views which allowed stakeholders to see which employees were most engaged with the program and how each of them was performing in each module.
Even more granular is the portal's ability to drill down to see how each employee answered each individual question. Using this feature stakeholders could pinpoint each employee's specific areas for improvement at an atomic level. Yup, that's nerdy but it's we're like that! Plus, what trainer doesn't want that insight?
Getting ESDC employees interested, and willing to participate, in information security training was no easy task. The subject matter was boring and general awareness of its importance was very low. This was the ultimate test for gamified training.
Over the years Telus' business had grown in many directions leaving them with a gazillion disparate business management software systems. The result; frustrated sales reps and pissed off customers. It was time for a new system.
In preparation for the big change Telus wanted to make sure their folks were trained on the new software. That's where we came in.
To hit the ground running with the new system we developed a game-based training program. The program's centerpiece was Eggsploration, an adventure game that cast players as Geckos (Telus' brand ambassador) searching for the golden egg. Finding the golden egg meant winning a dream vacation!
To amp up the incentive to play the system was tied into Telus' employee rewards program, "Bravo". Players earned Bravo points right within game play!
So far it sounds like just fun & games, right? Well not quite. Employees didn't get to play the game for free. They had to earn game plays by completing gamified training modules.
The first modules, rolled out to the entire company, explained how the new software would eliminate the issues inherent to the old system. Subsequent modules targeted specific departments within Telus to educate them about how to use the new system in their job roles.
For Canadian Deposit Insurance Company (CDIC), an organization that insures deposits in banks, trusts, and load companies, it's not their own employees they need to train but rather financial professionals ("FPs" for the purposes of this story!) who sell their service through member institutions.
Most crucially they need to highlight the value CDIC adds in protecting their clients' investments, and educate FPs about relevant industry info like regulatory and legal matters. As a secondary goal, they're always trying to prompt FPs to opt in to their email newsletter and follow them on Twitter so they can keep them in the loop about relevant industry news.
As always, the first thing we did was dig into their content. In doing so we learned that CDIC had both text-based and video content which we could include as part of the program. The challenge was finding a way to make the text-based content more engaging and motivating FPs to watch the videos.
The CDIC Challenge is part training program, part audience building campaign. The centrepiece of the program is a game in which users earn entries into prize draws by solving word puzzles. Players earn hints (letters!) by completing any of the three game-based learning modules. The learning modules incorporate CDIC text-based content, challenging players to display their industry knowledge and providing feedbak when they get questions wrong.
Players can also earn letters (and improve their scores in the game-based learning modules!) by watching CDIC's training videos. And to help CDIC build their email and Twitter audiences players can earn even more letters by opting in and following CDIC.
Information security training isn't exactly a favourite amongst employees. Over the last few years we've built game-based info-sec training programs that have made it fun for employees to acquire the necessary skills to help protect their organizations against security threats. While working on these programs we learned how prevalent social engineering attacks have become. To help companies educate their employees and protect their organizations we built Phishing Derby, the world's first game-based phishing simulation software.
Phishing Derby lets you launch phishing simulations and training within in minutes. More importantly Phishing Derby is a game that makes it fun for employees to learn how to spot, avoid, and report phishing and spear phishing attacks.