9 August 2023 • General
No matter how much businesses invest in cyber security software, 95% of all hacks and data breaches are still caused by human error.
It only takes one out of a thousand colleagues to click the wrong link for your customer’s data to be out in the open. This can cause both your company’s image and bank account to take hits it may never recover from. A devastating 60% of small businesses shut down within six months of a cyber attack.
The solution? Train your staff.
But most companies have no security awareness program in place, and many of those that do offer yearly e-learning courses (i.e. boring PDFs and Powerpoint slides) or long-winded in-person classes.
Having been in the cyber security space for over five years, we’ve learned that both approaches are deeply flawed. Research shows that 90%(!) of learnings are forgotten within a week, leaving your business vulnerable to cyber threats even after training. Let alone what happens when you don’t offer security awareness training at all.
This left us wondering: “Shouldn’t there be a more recurring, engaging and effective way to train cyber awareness?”
We couldn’t find one, so eventually we built it ourselves.
In this article, we’ll share the story of how and why we created Guardey and why gamification is the ideal solution to prevent businesses from getting hacked.
Our early experience with cyber security
Before starting Guardey, myself and co-founder Anouk worked together for over 5 years on a cyber security solution for the consumer market: GOOSE VPN.
GOOSE VPN does what the name suggests. It’s a VPN that enables over 200.000 users worldwide to safely browse the internet.
Over time, more and more of our customers started to ask for a solution that would work for their smaller or mid-sized businesses. According to them, the current offer of solutions simply weren’t cutting it. Their websites were targeted to IT professionals and their products were complex and difficult to implement. Aside from that, we found that most solutions didn’t offer sufficient cyber awareness training.
With 43% of all cyber crime currently targeted on SMBs, this struck us as a huge problem.
To solve this, we built Guardey to offer SMB businesses the same safety as the big corporations.
Why we developed a cyber awareness game
Guardey offers a business VPN and a monitoring and detection solution with a cyber alarm that recognises threats and notifies users about them. But since 95% of hacks and data leaks happen due to errors by people instead of software, we knew we had to specifically focus on cyber awareness too.
After studying the current offer of cyber awareness solutions available, we found that in order for our solution to be effective, it had to be:
- Used regularly
We quickly realised we had to focus on gamification. Earlier in my career I co-founded a company that offered training solutions in the maritime and offshore sector. People in this sector only got training once every four years, even though these trainings were incredibly important to help them perform their jobs safely.
That’s when we discovered the effectiveness of recurring trainings with gamification and successfully implemented it. And when we learned about the need for better security awareness training, we knew using gamification would be just as effective.
Here’s what makes our security awareness game so effective:
Most companies that train their employees do so with a yearly course. This requires the employees to take in a lot of information in a short time period. Most of the learnings are completely forgotten after a few months.
Guardey’s solution is based on gamification. With weekly challenges, the user gets to slowly build their knowledge. Because they spend a couple of minutes every week doing it, the information is retained better.
The first couple of challenges start off with the basics. As the weeks pass, the questions increase in difficulty. As time progresses, the user becomes better equipped to recognise suspicious activities and act accordingly.
Entertainment, competition, and rewards
One of the biggest benefits of gamification is how it makes learning more engaging. It keeps the learning objectives exactly the same but makes the process of learning more fun.
In our game, the user starts their own fictional company. When they score points in the game, their company makes money. If they lose points, their fictional company loses money and its reputation gets a blow.
Each user can see how they are doing in the leaderboard. Here, they can compare themselves to the rest of their company and even the rest of the world.
To increase engagement even further, companies can decide to incentivise their users by rewarding their best performers with prizes.
In Guardey’s learning management system (LMS), administrators can see what the effect of the training is. The data shown helps them understand which topics got low scores and need more attention. They can also learn how much time is spent on the training and how the average knowledge level is growing.
With this data, you can also prove that you adhere to the norms of ISO27001 and GDPR, which both require your employees to get security awareness training.
The world of cyber security is fast-paced. Hackers constantly come up with new ways to break into companies. When this happens, companies need to be educated ASAP instead of having to wait until the next yearly course. In the game, urgent topics are simply added to the upcoming weekly challenge.
We are currently working on a feature that enables administrators to add their own questions to an upcoming weekly challenge. Has your company been dealing with phishing attempts? Simply add questions about it to the upcoming challenge to make sure the entire organisation is aware.
Cheaper than a cup of coffee
There’s a famous quote by Richard Clarke that goes: “If you spend more on coffee than on cyber security, you will be hacked.”
We agree with Clarke, but also understand the situation many businesses are in. Budgets are tight and yet another solution can simply be too much for the average SMB.
That’s why – in our mission to make cyber awareness accessible for all businesses – we decided to make our solution cheaper than a cup of coffee. For €3.33 (10 cents a day), you can train an employee to improve their cyber awareness.
Avoid hacks and data breaches
We believe we’ve built a game that will help you to make your organisation security aware. The combination of repetition, entertainment, competition, and relevancy enable your team to maintain a high level of awareness and decrease the chances of a data breach.