google 4.9 (34 reviews)
Cyber security service for you
Schedule a Demo
Back to Resource Center

How we built the Duolingo for security awareness

18 July 2024 Cyber security

Share

Pim de Vos Marketing Manager

Learning new languages can be dull. You think back to a classroom and learning long rows of words. It feels unnatural, it feels forced, it’s painful.

Duolingo understood this and decided to improve the experience of learning languages. With their game, you learn by doing. You feel like you’re playing a game, but you’re actually learning. Language learning is hard, but with Duolingo, it becomes fun.

You know what else can be dull? Learning about cybersecurity. That’s why many organizations struggle to motivate their employees to participate in security awareness training.

That’s why we decided to build the Duolingo for security awareness: Guardey.

The issues with traditional security awareness training

There are hundreds of security awareness training solutions on the market. From e-learning to in-class training to escape rooms. Most of them fail to be effective.

The forgetting curve of yearly courses

Some organizations require their employees to partake in a yearly course, whether it be online or in-class. These courses are often lengthy, at least 1,5 hours long, and passive. The participant is reading or listening, not actively engaging in training. This makes for a boring experience.

In this days and weeks after the course, your employees will likely have an improved awareness. They’ll recognize and discuss cyber threats more frequently than usual. But after the weeks keep going by, the forgetting curve starts to set in.

The forgetting curve

The forgetting curve illustrates how fast people forget the information they have learned. It shows how, without any repetition, it’s impossible to retain much of the information from a class or course. Below, you can see how this can be improved with ongoing learning.

How repetition improves the forgetting curve

So why do organizations even participate in yearly courses at all? Probably because it checks off compliance. Some cybersecurity insurances and information security directives look at yearly courses as sufficient training.

If your only goal is compliance, a yearly course may work just fine. If you want your employees to actually become more aware of cyber threats, it won’t.

Why is motivating employees for ongoing training so hard?

There are hundreds of ongoing training solutions for security awareness. Meaning: training programs with weekly or monthly training sessions. Most of these solutions struggle to keep learners engaged for longer periods of time.

First of all, many of them are simply too time-consuming. People are busy and the full calendars don’t allow for many new activities. When they need to spend 15 minutes or longer on a training session, they simply won’t be able to do it.

Also, many training solutions are built on passive learning methods. For instance, videos are often used in training material. These are often long-winded and worse, they don’t engage the user. All the user has to do is sit down and listen. A minute of this can feel like an eternity if you have a busy schedule.

Learners often lack intrinsic motivation during these lessons. The only reason they train security awareness is because their boss tells them to. This is why there is nothing fulfilling about the learning experience, which makes it harder to stay engaged and retain any of the information.

Last but not least, there simply is never an element of fun involved. Remember that one teacher back in school who made a lesson feel like a breeze? Where you would pay attention because class was fun and engaging, which resulted in better grades? Having fun is an integral part of an effective learning experience, and it’s lacking in a lot of security awareness training solutions.

How Guardey makes security awareness training fun

Guardey puts gamification at the center of security awareness training. We took a look at Duolingo, similar learning tools, and actual video games to see what it is that makes them so engaging. Then we incorporated those principles into Guardey.

1. Micro challenges

Our attention spans are shorter than ever. We’re used to short video content, short paragraphs, and short games on our smartphones.

With Guardey, one cybersecurity challenge takes only three minutes to complete. There are no long-winded videos or long pieces of text that take ages to get through.

Example of a Guardey challenge

This makes it easy to fit Guardey into your schedule, no matter how busy you are. It also prevents learners from falling asleep during training.

2. Weekly training

We already established that repetition is key. That’s why with Guardey, you take on a micro challenge every week. Every week, learners learn about a different cyber threat.

The streak display in Guardey

By showing up every week, learners create a streak, which in turn improves their overall score. This keeps them intrinsically motivated to keep using Guardey on a regular basis.

3. Interactive learning

We take pride in offering 0.0% passive learning in Guardey. We don’t believe in reenacting a classroom where a teacher speaks and the students listen.

All Guardey challenges are fully interactive. Learners are always answering questions in a playful, quick manner. Because there are no videos or pages on pages of text to plow through, learners are always in the driver’s seat and actively engaging.

📚 Related: “We use Guardey to comply with our cyber insurance’s requirements.”

4. Storytelling

If there’s one thing that makes a videogame fun, it’s when you get to play a role in a story.

Learning about cybersecurity because you understand it’s important is one thing. Being able to score points is another. But what if you had to protect your fictional organization from data leaks and potentially going bankrupt? All of a sudden, you find yourself in the middle of a story — which makes the experience much more fun.

With Guardey, every learner starts a fictional organization. Every time they perform well during a challenge, the organization’s reputation improves and they make money. If they don’t perform well, their reputation tanks and they lose money.

5. Achievements

Another way to boost intrinsical motivation is to reward them for good performances.

Achievements

In Guardey, learners can collect achievements by scoring points, taking on a number of challenges, or having long playing streaks. Gotta catch ‘em all!

6. A leaderboard

On a company-wide leaderboard, learners can see how they are performing compared to their colleagues. This often leads to friendly competition and a lot of internal conversations about the topics at hand.

Leaderboard kopie

The leaderboard has proven to be a powerful way to intrinsically motivate learners to keep showing up. Some learners have started chat groups with colleagues just to discuss the outcomes of the weekly Guardey challenges. Some organizations are giving out quarterly prizes for the leader of the board.

📚 Related: “Our training participation has gone through the roof with Guardey.”

7. Immediate feedback

After every question during a challenge, learners get immediate feedback in the form of a few lines of text. Learners are often eager to read this feedback, especially after they get a question wrong. Because of this, they are also more likely to retain the information.

From checking off compliance to a culture shift

For a long time, security awareness training was something that employees would reluctantly show up to and check off their to-do list. If they were able to cheat, slack off, not pay attention or not even participate at all, they would. The information rarely stuck and not long after the training, the awareness had worn off.

Guardey contributes to a security awareness culture. Because the training is fun and competitive, colleagues engage with it regularly, until it becomes a consistent part of their work activities. Some organizations also choose to play a Guardey challenge during periodic meetings or presentations. This helps them foster a sense that everybody in the organization plays a part in keeping it safe.

Guardey makes security awareness training fun

Security awareness training shouldn’t be something you just check off your compliance checklist. It can be an effective way to turn your colleagues into a human firewall that recognizes cyber threats and reports them.

That’s why any organization should invest in a solution that keeps learners engaged for a long period of time.

We built Guardey on gamification principles to make the learning experience fun and effective. Our customers report higher participation rates, more reported cyber threats, and increased internal discussions about cyber security.

Don’t let hackers outsmart you. Try Guardey free for 14 days →

Resources you might be interested in

Cyber security
The 17 best phishing awareness training programs in 2024
Cyber security
The 18 best cyber security awareness courses in 2024
Cyber security
The 9 best GDPR training games for employees
Resource center
Anouk CTA Guardey website
FREE 14-DAY TRIAL

Experience Guardey today.

  • Try completely risk free
  • 24/7 support
Start 14-day free trial