IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Gamification of Cybersecurity Training for Employees

You have to make it more than drudgery.

When you look at your cybersecurity threat profile, it is likely that your employees are your greatest vulnerability. An "errant click" can let the bad guys into your system and then you are doling out dollars via a ransomware attack that has your data or system locked down. 

You can have Red Teams probing your network and your staff, but what you really want is to be protected from the attacks to begin with. See the news release below. I think the idea is right on the mark. One of my personal quotes is, "repetition is the mother of remembering," so you can't just have a single annual training event for employees. They just won't remember all the steps that they need to be thinking about to protect your network and information. 

For your consideration — no, it is not an endorsement:

Cybercrime represents the greatest threat to businesses and organizations in the world today.

The cost of a data breach, in terms of revenue, reputation, legal exposure, and operational disruption, can be devastating. Global cybercrime costs are expected to reach $10.5 trillion by 2025, up from $3 trillion in 2015.By The Numbers:

A New platform was developed as part of a project to enhance the cybersecurity training within a large hospital system.

It became apparent that the combination of microlearning, customizability, and gamification leading to high ongoing employee involvement answered a need not simply for one client or industry, but for a worldwide digitized economy.

The Training:

  • The program is called Drip7. It applies game design to cybersecurity awareness training to increase retention.
  • Works off the basic point that one doesn’t internalize something by hearing it once. There must be repetition, in this case seven times.
  • The training arrives in the form of a question a day that the employee answers. This increases engagement in learning and retention, and at its core keeps cybersecurity in the employee’s mind—not by force but through play.
“The problem is not just a lack of cybersecurity awareness training but getting training that works to the people who need it in the way they will actually use it. Most training doesn’t actually accomplish anything, and the numbers prove it. Microlearning has been demonstrated to produce much better results than the traditional lecture-followed-by-a-test approach, both immediately and in terms of longer-range retention,” – Heather Stratford, Drip7 Founder and CEODrip7 already has over 80,000 users licensed on the platform.

“This isn’t a learning management system,” says Stratford, “It’s a way to make learning and training actually do what they need to do. Our goal is to take the fear out of cybersecurity and make it both fun and effective.”

How can gamification and microlearning be leveraged to better secure a workforce against cybersecurity attacks? Heather Stratford can speak to the following:

  • With the increase in remote workforce, how much has cybersecurity grown?
  • How does Drip7 work?
  • In addition to this training, what steps can a company take to avoid cyberattacks?
  • What should a company do in the case of a cyberattack?
  • How does Drip7 ensure that the employee is performing the new training?
  • Are there other areas of a company’s IT efforts that could benefit from gamified microlearning?
  • Can Drip7 be used in any industry?
About Drip7

Drip7 is the brainchild of cybersecurity expert Heather Stratford as a result of a client wanting to fix a specific problem: empowering the weakest link—the human—to use better cybersecurity. With its first few clients (a large educational institution, hospital system, and government agency), Drip7 is proving its usefulness in changing the old system of training and information retention in any workforce. Stratford explains it as, “Drip7 is a micro-learning platform that is re-inventing the way organizations train their employees and build lasting cultural change within them, especially in today's age of remote workforces.”

Eric Holdeman is a contributing writer for Emergency Management magazine and is the former director of the King County, Wash., Office of Emergency Management.