Security Awareness Games in Slack

Travis Good
August 24, 2022

Developing games in Slack has been on our roadmap for a long time. Security and privacy games in Slack align with our goals of making training:

  • Automated - Slack gives Haekka unique user assignment and user management abilities that make training smart.
  • Engaging - content needs to be engaging to be effective.
  • Continuous - training needs to be more than annual.
  • Quantifiable - training should be measured and optimized.

With games, we now have 5 different types of training on Haekka in Slack.

  1. Training - lesson-based courses, typically assigned at onboarding and annually.
  2. Engagements - user-created messages created, use cases include announcements, policy acknowledgments, quizzes, surveys, etc.
  3. Streams - thematic content (security news, alerts, HIPAA, NCSAM, etc.) subscription delivered weekly in Slack.
  4. Workflows - smart training triggered in real-time based on user actions (events) in SaaS apps, things like sharing files or changing account configurations.
  5. Games - logic-based content measuring learning and engaging on content where and as needed.

Smart Training (logic-based learning)

We built several features into Haekka Trainings to make it easier to create and play games in Slack. The primary feature is branching logic between lessons. This enables users to branch or change the flow of content based on user input. While seemingly simple, this enables a host of logic based games that admins can create for Slack and users can take in Slack.

The idea behind logic-based games is that you tailor training to the user. Below are examples.

  • The training can be tailored based on the user's knowledge. If a user answers questions correctly, they skip certain lessons.
  • The training can be tailored to the user’s profile. If the user is in a certain department or performs a certain function, specific content can be shown or not shown to the user.

Why games in Slack?

Users love ❤️ learning in Slack. We hear this consistently from our users. The interactions are fast and the content is digestible.

Games in Slack are a natural extension of this. The logic, coupled with the conversational interactions in Slack, make logic-based games a good fit.

Additionally, Games use the same editor as our other trainings so it’s simple to bring files, images, and video into games.

Slack Game: URL -> Real or Fake

Reading a URL is an important skill. Wherever messages are delivered - email, text, social media, etc. - it’s possible to receive fake URLs. This is incredibly common in email-based phishing attacks. In fact, knowing how to read a URL is the most important skill you can have to avoid becoming a victim of phishing attacks.

That’s why we decided to build our first game as a fun, interactive way to become a boss at reading URLs. The game walks users through a series of challenges to identify real URLs. Based on how a user answers those questions, the logic of the game presents appropriate lessons.

The game covers everything from finding the root domain, what are subdomains, how to examine a root domain, and how to interpret long character strings at the end of a URL.

Below is an image from the game in Slack:

The URL game is immediately available to all Haekka customers. It is 100% customizable.

More Slack Security Games

We are working on more games for Haekka users in Slack. And you can create your own games using custom content.

Our next set of games will be like the “choose your own adventure” children's books. If you have ideas for games, reach out. We’d love to hear them.

If you want to try games in Slack, you can sign up for a trial today.