Making information security accessible for everyone
Empowering GSK colleagues to expand their knowledge
As a global company, information security is a big focus for GSK and they have multiple tests and systems in place to keep it at the forefront of their people’s minds. When internal penetration tests showed that greater knowledge was required around phishing in key areas of the business, it became clear that additional communications were needed to highlight the importance of cyber security, to educate people and change behaviour to keep them safe online.
A fun online quiz, encouraging employees to test their knowledge and learn about cyber security in an active way. Players could take the quiz individually, and form teams to play other areas of the business, making cyber security something people actively wanted to get involved with. We hosted the quiz externally on GSK’s behalf, following their security protocols and using an encrypted two-step authentication process. No personal data was stored so people could feel confident and secure whilst playing. We kept the quiz mechanics and login process simple, people accessed and registered through a secure link, so players had a seamless experience, encouraging them to play again.
Feedback to the quiz was overwhelmingly positive. It was a targeted activity, so only specific people were invited from areas of the business where issues had been highlighted. Over 300 people took part in the initial quiz from across 12 countries, which is a great result for a voluntary activity. On average, each person played the quiz 3.3 times, proving it was something they returned to multiple times, strengthening their awareness on phishing each time. The response was so successful that a second quiz on cyber awareness was then created and translated into six languages. Building on the overwhelmingly positive response to the quizzes, a cyber security game has also been developed, which is due to launch shortly. This browser-based game involves identifying and reporting phishing emails against the clock, highlighting the importance of vigilance but also the need to report them quickly.