One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 2039830 |
| Date de publication | 2020-11-17 12:00:00 (vue: 2020-11-17 13:05:32) |
| Titre | Raising email security awareness through gamification |
| Texte | October was National Cyber Security Awareness Month which is an excellent opportunity to invest in a modern approach to email security awareness. Most companies and organizations conduct security awareness training annually, during onboarding, and after an adverse event. The effectiveness of periodic training varies greatly and depends on organizational culture and structure, leading to unexpected or undesired results. Organizations should seek to modernize their awareness training and adopt a creative approach to training that addresses these challenges. Gamification is a modern approach that personalizes awareness training by adding creativity to an otherwise mundane activity. One way to think of gamification is by adding game principles, game dynamics, or game logic to a task to encourage participation. By turning learning into a more interactive and fun activity, users and employees are motivated to participate, leading to better-sustained outcomes. Applying gamification to email security training helps individuals and organization change their behaviors when it comes to email security. According to an article in Computer World (July 2014), "Participants in our program were 50% less likely to click on a phishing link and 82% more likely to report a phishing email. "(Patrick Heim, chief trust officer, Salesforce.com). How should organizations start with email security awareness gamification? Start with traditional awareness training and build upon that. Once all email users have been through an initial round of security awareness training, follow up with a contest of sorts. For example, reward users that report phishing emails correctly. To create a broad behavioral change, publicize the contest winner's names and rewards. Rewards and positive reinforcement encourages the reporting of phishing emails. Thus, building momentum in email users to participate in the game. This contest is considered the first step into the gamification experience. This initial step highlights the effectiveness of traditional security awareness training. During this phase, collect metrics to measure the buy-in of users and other stakeholders. Next, we want to increase the users' understanding of phishing emails. Think of this phase as the gameplay aspect of gamification. All games need the following components: a goal or objective (definition of what is winning), rules of the game, and scoring. Wining creates motivation to continue to play the game (positive reinforcement). Rules help the players understand how to play and progress through the game. Scoring shows the participants their achievements and how well they are doing. In email security awareness, we use phishing simulations to test users' understanding of a malicious email's type and content. In the gamification version of these simulations, we score the details that users identify as malicious. We call this game "Catch the Phish" and work through different levels of difficulty. The first round contains blatantly obvious misspellings, email addresses, and content. In each subsequent round, the clues become less obvious to the point where they are very subtle. To create positive momentum, publicize users' accomplishments on a leaderboard of sorts, either on the company's intranet or in a periodic newsletter, or any other company-wide medium. Other options within the spirit of gaming are to create inter-departmental or cross-department competitions—for Example, IT vs. Finance, HR vs. Legal, and so on. There are many creative ways to make email security awareness training an engaging, fun activity that increases users' participation and measurably enhances an organization' |
| Envoyé | Oui |
| Condensat | once one 2014 accomplishments according achievements activity adding addresses adopt adverse after all annually any applying approach are article aspect awareness become been behavioral behaviors better blatantly broad build building buy call catch challenges change chief click clues collect com comes companies company company's competitions—for components: computer conduct considered contains content contest continue correctly create creates creative creativity cross culture cyber definition department departmental depends details different difficulty doing during dynamics each effectiveness either email email's emails employees encourage encourages engaging enhances event example examples excellent experience finance first follow following fun game gameplay games gamification gamifying gaming goal greatly have heim help helps here highlights how iceberg; identify increase increases individuals initial inspiration inter interactive intranet invest july just laid leaderboard leading learning legal less levels likely link logic make malicious many measurably measure medium metrics misspellings modern modernize momentum month more most motivated motivation mundane names national need newsletter next objective obvious october officer onboarding opportunity options organization organization's organizational organizations other otherwise out outcomes participants participate participation patrick periodic personalizes phase phish phishing play players point positive posture principles program progress publicize raising reinforcement report reporting results reward rewards round rules salesforce score scoring security seek should shows simulations sorts spirit stakeholders start step structure subsequent subtle sustained task test them these think through thus tip traditional training trust turning type understand understanding undesired unexpected upon use users users' varies version very want way ways well what when where which wide wining winner's winning within work world your |
| Tags | Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.