Gamification Report

The Gamification Report motivates users to actively engage in phishing simulations (Phishing, Callback, Vishing, Smishing, Quishing) and security awareness training by using a points system. Users earn points for positive actions and lose points for risky behaviors, helping to improve security awareness.

The feature includes a leaderboard to display top performers, with Gold, Silver, and Bronze badges for the top three. It also provides a live ranking view and an all-time top 10 list, making it easy for administrators to monitor progress and recognize achievements, fostering a more security-conscious workplace.

How to Access Gamification Report

• Log in to the platform.

• Go to Reports > Gamification Report page from the left-hand menu to access the report.

How to Understand Gamification Report

The Gamification Report comprises several key components:

• Leaderboard: Displays user rankings based on points accumulated through actions in simulations and training.

  • Top Performers: Highlights the top three users for a chosen timeframe, awarding Gold, Silver, and Bronze badges accordingly. These are your top three most security-aware users.

  • Ongoing Period Ranking: Provides a live ranking table of users in the selected date range period, detailing rank, name, email, department, performance, total points.

• Date Range: Select a specific timeframe for viewing user performance data for that period.

• Filtering and Sorting: The leaderboard table supports search, filtering, and sorting functionalities, allowing administrators to view specific groups or individuals.

• Export Options: Download the leaderboard data in CSV, Excel, or PDF formats for further analysis.

Understanding Points and Performance Calculations

The Gamification Report awards points for positive actions and deducts points for risky actions. This scoring system applies across different simulation types (Phishing, Callback, Vishing, Smishing, Quishing) and Security Awareness Training.

Simulations Scoring

Each simulation type has specific actions with associated points based on the difficulty level (Easy, Medium, Hard):

1. Phishing Simulation

   • No Response: 0 points.

   • Opened Email: 0 points.

   • Clicked Link:

     • Easy: -200 points

     • Medium: -100 points

     • Hard: -50 points

   • Submitted Data:

     • Easy: -400 points

     • Medium: -200 points

     • Hard: -100 points

   • Opened Attachment:

     • Easy: -300 points

     • Medium: -150 points

     • Hard: -75 points

   • Submitted MFA Code:

     • Easy: -400 points

     • Medium: -200 points

     • Hard: -100 points

2. Callback Simulation

   • No Response: 0 points.

   • Opened Email: 0 points.

   • Called Back:

     • Easy: -200 points

     • Medium: -100 points

     • Hard: -50 points

   • Entered Digits (in response to the call):

     • Easy: -300 points

     • Medium: -150 points

     • Hard: -75 points

3. Vishing Simulation

   • No Response: 0 points.

   • Answered Call:

     • Easy: -100 points

     • Medium: -50 points

     • Hard: -25 points

   • Vished (followed scam instructions):

     • Easy: -300 points

     • Medium: -150 points

     • Hard: -75 points

4. Smishing Simulation

   • No Response: 0 points.

   • Clicked Link:

     • Easy: -200 points

     • Medium: -100 points

     • Hard: -50 points

   • Submitted Data:

     • Easy: -300 points

     • Medium: -150 points

     • Hard: -75 points

   • Submitted MFA Code:

     • Easy: -400 points

     • Medium: -200 points

     • Hard: -100 points

5. Quishing (QR Code Phishing)

   • No Response: 0 points.

   • Scanned QR Link:

     • Easy: -200 points

     • Medium: -100 points

     • Hard: -50 points

   • Submitted Data:

     • Easy: -300 points

     • Medium: -150 points

     • Hard: -75 points

   • Submitted MFA Code:

     • Easy: -400 points

     • Medium: -200 points

     • Hard: -100 points

Security Awareness Training Scoring

1. No Response: 0 points.

2. Opened Email (but did not click): -100 points.

3. Clicked Training Link: +50 points.

4. Completed Training: +100 points.

5. Passed Exam: +200 points.

6. Failed Exam: -150 points.

7. Joined Training within 24 Hours: +100 extra points.

8. Joined 1-3 Days After Invitation: 0 points.

9. Joined After 3 Days: -50 points.

Reporting Phishing Emails Scoring

If users report suspicious emails promptly, they receive additional points based on the time taken to report:

Performance Percentage Calculation

The Performance Percentage helps to measure a user’s performance based on the points they have earned compared to the maximum points they could have achieved.

The formula is:

Performance Percentage = (Total Points Earned / Total Possible Points) * 100

• Total Points Earned: The total points the user has scored from their actions in simulations and training.

• Total Possible Points: The highest possible points the user could have earned from all the simulations they participated in.

Special Rules:

• If the user’s Total Points are negative, their Performance Percentage is set to 0%.

• If the user’s Total Points are positive, the percentage is calculated using the formula above.

Interpreting the Performance Percentage:

• 80% or higher: This is considered good performance.

• Below 50%: This suggests the user may need more training.

For more information, please contact support.

FAQ

Q: I don't see total target users in my gamification report; why is that?

A: The "No Response" users are not shown on the gamification report. The users who had interaction with the simulation and training are shown on the report as explained in the document.