3 reasons to consider gamification as part of your information security programme03 July 2019
What is gamification?
Gamification is the application of gaming techniques and elements into any non-gaming environment. It can be applied to learning and development situations, marketing, recruitment and even our own health regimes (known as ‘exergaming’ – think Fitbit and associated challenges within the software. Across gamification models, typical game-playing elements include point scoring, competition and rules of play. Points, levels and awards help make boring tasks more fun. So instead of putting off whatever it is you need to do, you are motivated to jump in, get it done and achieve that high score.
Why has it become popular?
Gamification leverages our psychological desires for status, achievement and to be part of an inclusive social community. Many gamification resources reward the user for completing the desired task and incorporate a leaderboard, so the player strives for further improvement.
These elements result in a gamification model with high levels of engagement and a willingness to return on numerous occasions.
In addition to the psychological drivers, our environment is also a critical influencer in the rising popularity of gamification.
Today, most people access information through their phones, tablets and laptops, engaging with new material for approximately 1 hour and 40 minutes each day.
Workplaces now contain more of the device-driven millennial generation – people born between 1981 and 1996 (at the time of writing, those between 23 and 38 years old). As such, we need to meet their evolving learning needs.
Research has shown that millennials tend to like short sharp messages that can be absorbed quickly, and which are delivered in a fun, interesting and stimulating way.
This is where gamification really comes into play.
Reasons to employ gamification
Reason 1 – People like to compete
Sometimes it is difficult to engage people in cybersecurity-related topics on a basic level, let alone the bigger challenge of influencing cybersecurity behaviours such as not clicking on phishing links.
To change behaviour, gamification can replicate real-life situations. Instant feedback and consequences allow learners to experiment and fail in a safe environment.
A well-designed programme can use ‘levelling’ to engage people in behaviour change by building on their past success and challenging them further.
For people who thrive on competition and achievement, using gaming elements of time limits or beating their own or others’ scores can persuade them to change their behaviour without them even realising.
Reason 2 – People like to win
Gamifying an information security programme will attract people’s attention. It capitalises on people’s desire for achievement and success.
As a learning and development tool, gamification delivers key messages and essential learning in a format that encourages and retains involvement, engagement and attention. Gamification of learning is limitless and can bring life to topics such as classification levels, cybersecurity risks, phishing emails, passwords and cloud-based storage.
Reason 3 – People like rewards
Challenges and games will keep people’s attention for longer than traditional learning. These higher levels of engagement are achieved by inviting people to take part in rewarding experiences that can be incentivised.
Pokémon Go! rewards its users with higher-level Pokémon for walking greater distances – an example of ‘exergaming’ and applying game mechanics to fitness. Had you asked those same people to walk those distances without any incentive or reward, you would probably find yourself out of luck. This is the power of gamification.
Using gamification in your information security programme will increase employee engagement, create a better learning experience and prompt significant behaviour change.