Project Brief
A religious non-profit organization was experiencing a high volume of cyber attacks targeted at its national headquarters. In response, the IT leadership team enlisted the communications and training departments' help to identify solutions for reducing incidents.
Approach
Logistically, the training had to account for a wide range of variables. The target audience was a multigenerational office of professionals comprised of varying levels of computer literacy. Additionally, a handful of the individuals who were repeat targets worked in distributed offices across the U.S.
The team implemented a multifaceted training approach to address these challenges, including gamified social media posts on an internal Facebook group, email campaigns, and in-person training.
I led the project's e-Learning component, where I worked closely with IT security representatives to recreate realistic scenarios. After synthesizing the scenarios, I developed a branded experience that fit with the marketing's tone of "the cool professor," bypassing the common fear-based imagery that a majority of phishing simulations adopt.
I developed custom graphics and animated gifs using Adobe Illustrator, Photoshop, and After Effects to create a lighthearted and playful aesthetic. I also developed all the interactions and custom variables for the simulation using Articulate Storyline 360 and JavaScript.
I had the opportunity to lead all of the design, development, and UX/UI considerations for the project.
Outcomes
At the end of the training campaign, the organization saw impressive results:
- The number of incidents where staff clicked on phishing links dropped by over 80% within the first four months.
- Staff emailed the IT department saying how much they appreciated the holistic approach and positive tone.
- There were staff posting on the internal Facebook page sharing their experiences with phishing and raising overall social awareness.