7 reasons to gamify your cybersecurity strategy

Gamification relies on the competitive nature of people to help harden the company’s security.

gamification
Credit: thinkstock
Game on

Data breaches continue to grow in number, size, severity and cost. With the increase in new security holes, vulnerabilities and attack vectors that need to be fixed, many businesses are turning to gamification to help employees adhere to cybersecurity best practices.

Gamification is the process of engaging people and changing behavior using game mechanics in a non-game context. Essentially, it’s taking what’s fun about games and applying it to situations that maybe aren’t so fun.

By using gamification, organizations are finding new ways to educate employees on the importance of cybersecurity, through gaming elements like one-on-one competitions, rewards programs and more. Mark Stevens, senior vice president of Global Services at Digital Guardian, provided seven reasons to use gamification to address data security.

gamification
Credit: Pixabay
Reward good cybersecurity behavior

Reward employees when they abide by the rules, which will encourage continued good behavior. With gamification for instance, users could receive printable badges upon sending their first, 10th and 100th email without triggering a policy – leading to continued positive behavior.

gamification
Credit: Pixabay
Incentivize continued good behavior

Once an employee has an impressive digital badge collection, incentivize them to continue the good behavior, such as with e-store gift cards or company perks. On the contrary, if an employee continues to exhibit poor behavior in gamification, it may raise a red flag within the organization or warrant a need for further cybersecurity training.

gamification
Credit: Thinkstock
Encourage an open data protection dialogue

Through gamification, an organization can establish a new data protection language, which encourages open dialogue among employees when discussing how to properly handle sensitive data. Instead of the topic being boring or rogue, workers are encouraged to talk about their achievements, challenges or lessons learned through the gaming system.

gamification
Credit: Thinkstock
Address the lack of awareness

The most effective cybersecurity training is one that occurs on a regular basis throughout the year. However, a majority of businesses often don’t adhere to this training cycle, due to lack of time and resources. Gamification allows employees to acknowledge the lack of awareness and individual employee accountability sensitive data protection/hygiene, and ultimately change long-term behavior.

gamification
Credit: Pixabay
Increase employee engagement

Staff should be encouraged to print and display their badges in their workspaces and engage managers to recognize the good behavior by publishing a monthly leaderboard. Through leaderboard competitions and badge collections, end users are instantly engaged in the game – or training – at hand. This increases internal communication and creates new relationships, improving employee engagement across the board.

gamification
Credit: COD Newsroom
Find cybersecurity talent

Not enough people are entering the cybersecurity workforce, and most firms are faced with vacancies. Organizations like UK-based Cyber Security Challenge have been trying to tackle the talent gap by hosting yearly competitions where players face simulated threat situations they must prevent using their cyber skills. Winners are then offered lucrative job opportunities at large tech firms and government agencies who sponsor the challenge.

gamification
Credit: Thinkstock
Audit to measure effectiveness

Of course, gamification is only effective if employees apply their lessons learned to real-world scenarios. For this reason, it’s critical that businesses measure the effectiveness of gamification at reducing real data risk. Conduct regular audits and cybersecurity assessments within the organization, to determine which employees would still pose as a risk outside of the gaming environment.