Monthly newsletters are a wonderful, simple, low-cost method to create a foundation for any security awareness program. They provide a visually-engaging informal learning opportunity that your employees can enjoy at their leisure, and can allow you to create a reference library of a multitude of topics for your users to access at any time. But as simple as PDF newsletters are to email out or host on your company’s intranet, you can’t track them easily in an LMS and who knows if anyone is actually downloading them from your security awareness portal? How do you know if your employees are actually reading them? How do you know if anyone is actually learning anything? How can you motivate your users to take the time to improve their awareness?
We have one word for you: gamification.
We’ve written about this subject before but haven’t discussed ways to gamify the newsletter reading experience. Below are three successful methods employed by some of our clients (No. 2 led to a five-fold increase in monthly readership for one company!) that you can try within your own organization:
- Host games in your LMS: At the end of each quarter, create a game or a quiz based on the content in the newsletters from the previous months. We can help by creating custom trivia games for you, or you can use one of the many SCORM-content creation tools out there to create your own.
- Scavenger Hunt Knowledge Checks: A client shared this idea with us and we were so excited by it we didn’t even have time to be sad that we didn’t think of it first! Every month, when their awareness program manager emails out the newsletter to their 7,000 employees, he includes 3-5 questions whose answers can be found within the newsletter. The first 25 employees to email him the correct answers win a prize. He told us that before he began doing this, he’d get feedback from maybe 3% of the users each month; within three months of implementing the scavenger hunt knowledge checks, he heard from over 15% of the users, and after six months that number surpassed 20% and hasn’t fallen since. And we’re actually going to help you out with this one. Every month, when we send your monthly newsletter, in addition to the short description about the theme of that month’s newsletter, we will include 3-5 knowledge check questions and answers for you to use if you want to try your own scavenger hunt!
- Creative Contests: Have monthly or quarterly creative contests centered around newsletter content, including short story or poetry contests, awareness poster contests or photo contests. For example, for the January 2017 issue about Cybercrime, you could host a poetry contest where employees have to write a poem about one of the cyber attacks highlighted in the issue. For the upcoming February 2017 issue about being a human firewall, have a contest looking for the best personal success story from employees who exhibited human firewall skills in a scenario at home or work. For last December’s issue about common sense and non-technical security, you could have hosted a photo contest looking for the best photo example of non-technical security at work (such as shredding sensitive documents, wearing a badge in a highly visible location, someone’s super clean desk, etc).
- Create physical games for employees to do during breaks: We all need to step away from the screen every now and then, take a break from work, have a snack, do a puzzle or read a magazine for a few minutes. Many organizations will print out a few dozen to a few hundred hard copies of the monthly newsletter, placing them in common areas throughout the building as they try to create a culture of learning. You can go a step further by creating your own word searches, crossword puzzles, anagrams, etc. (Here are some resources for simple, DIY games.)
Yes, these methods require time and a little bit of money (for the prizes!) but it’s worth it if it means more people will spend more time learning about information security and honing their security awareness skills. It’s worth it if it means doubled or tripled (or quintupled!) monthly readership. It’s worth it if it means another small step towards securing your organization.
Our final piece of advice is this: Offer prizes. What’s the point of any game? Winning. And even the least competitive people like winning if they get to win more than just bragging rights. Offer actual prizes for any gamified learning experience. They don’t have to be expensive prizes; think $5 coffee shop giftcards, think company-branded swag, think pizza parties. Have fun with it and think about it from your own point of view — what would you like to get for your participation?
Latest posts by Ashley Schwartau (see all)
- Here I Am: My Unexpected InfoSec Career Path - May 30, 2017
- Harry Potter and the Security Prophecy - May 4, 2017
- Use Gamification to Drive Engagement with Monthly Newsletters - January 12, 2017