Using Gamification to Increase Participation in Your Security Awareness Training Program

Posted by Mark Chapman—President & CEO of PhishLine 


The integration of gaming elements directly into security awareness training materials is usually done with the hope of adding excitement to traditional computer based training. Sometimes the gaming aspect is engaging and fun. Other times, it is viewed as trivial or childish, and can quickly reduce the credibility of your overall program. The corporate culture and the age groups involved make a huge difference in how this style of content is perceived. The real “game” is to establish a credible program that will positively affect the information security profile of the organization.

One method of gamification that receives good acceptance at a variety of organizations is risk based scoring.

Generally, negative points are assigned to unsafe actions:

  • Clicked on a link
  • Filled in a Web form
  • Replied to an email or text message
  • Disclosed too much information in Out of Office
  • Called an unknown phone number in an email
  • Opened an attachment
  • Plugged an unknown USB device into a business computer

In a similar manner, positive points are assigned to positive actions:

  • Completed training
  • Reported a suspicious email using the correct channels
  • Hung up on a phone call before disclosing sensitive information

Trainers use these metrics to look at the results of individual training campaigns. Higher participation rates can directly relate to a lowered risk factor for the organization. Individuals and departments can be offered recognition or prizes to increase participation.

PhishLine leads the industry with our risk-based scoring system. Once a customer sets point values for positive and negative actions, risk-based scores can be compared to internal and external benchmarks, and to measure improvements over time. Our custom dashboards allow results to be arbitrarily grouped to drive a competitive spirit that fits the specific culture and goals of the organization.

We provide many styles of training directly through our Content Center Marketplace. With PhishLine, it is not hard to find training content in a style that fits your organization.

Related posts