NCOD is a consultancy and secondment firm that provides professionals to local governments. Their employees work across dozens of client locations, making security awareness a persistent challenge. With Guardey, they’ve finally found a way to approach it structurally and effectively.
We spoke with Coen Dekkers, ICT and Digitalization Advisor at NCOD. What immediately appealed to him was the gamification aspect as it boosts engagement. This leads to better incident reporting and more meaningful conversations, helping the organization finally find a solution that truly works for them.
Challenge: From ad-hoc communication to structured training
NCOD had been working on security awareness for some time but struggled to approach it in a consistent and impactful way. Previous efforts were limited to stand-alone articles or communication during incidents. Unfortunately, there wasn’t enough time to continuously organize awareness in-house. Dekkers explains, “What you’re doing essentially is providing information every now and then. But that only works if you have time and those moments are scarce.”
Meanwhile, threats were increasing, as evidenced by the growing number of phishing emails received by employees. New hires in particular were often targeted. Although NCOD communicated about tools and, for example, a password manager, it didn’t lead to the behavioral change they were hoping for. That’s when they started looking for an alternative, which they found with Guardey.
Solution: Short weekly training sessions with impact
The decision to go with Guardey was based on the combination of microlearning and gamification. According to Dekkers, that approach delivers real impact and makes the process enjoyable.
They started with a spear phishing campaign set up by Guardey, which NCOD experienced as highly professional and effective—a real wake-up call. “We saw many people click and enter information. Even one is too many, so this really showed us that security awareness training was necessary.”
"We don't often see our people in person, which is why posters don't have a chance of working. You need a digital training platform that's easy to use."
Employees can join the training sessions from the intranet right after logging their hours, making the process as easy as possible. “If you do a five-minute training every week, the topic stays top of mind—and that’s exactly what you want.” The first season of the competition has already been completed. Thirteen teams, including the management team, took part!
Gamification as an engagement booster
Dekkers noticed that enthusiasm increased among employees once they realized there were prizes to be won. The winning team gets to play an escape room game, and there’s a Bluetooth tag for the individual winner. Employees now encourage each other via WhatsApp to do their best and win. “In some group chats, it was all about: ‘We just need to move up one more spot!’”
They also made a conscious effort to involve management. As role models within the organization, it was important to get their buy-in. “You can’t expect employees to participate if the management doesn’t.” Dekkers personally called some of them to explain the importance. He believes that as a leader, you should be able to explain why participating in the training matters.
Result: Better reporting and better conversations
Security awareness is clearly improving, so the training is working. Dekkers notes that more employees are reporting or forwarding suspicious emails to IT. On top of that, internal discussions are taking place. The content sparks conversation and becomes part of daily life at work. “The topic of security awareness is more present in everyday conversation. People are more aware, and there’s more discussion about what’s right and wrong.”
"With Guardey, security awareness is more present in everyday conversation. People are more aware and there's more discussion about what's right and wrong."
Dekkers compares this to previous attempts to engage employees. He believes relying too much on physical communication, like posters, didn’t work for NCOD. Since many employees work externally, they needed a digital solution that aligns with the flow of their workdays. “We don’t often see our people in person, which is why posters don’t have a chance of working. You need a digital platform that’s easy to use.”
The biggest win for NCOD is that the topic is alive and well across the whole organization, not just in IT. Initially, the focus was on maximum participation. Dekkers credits this partly to Guardey being integrated into the daily routine via the intranet. “You’ll find Guardey right next to the button to log your hours. There, you’re always one click away from completing your weekly task.”
Don’t let hackers outsmart you
Make sure your employees are prepared to recognize security threats with Guardey. Start your 14-day free trial today.
