Smart Groups

Smart Groups Gamification Automation Guide

In this article, you will learn how to use Smart Groups to gamify your security awareness program. Gamification can be applied to almost any user action, from completing training courses to reporting Phishing Security Tests (PSTs). We recommend using Smart Groups to identify users who have completed favorable actions, such as reporting two PSTs in one month.

For general information about creating Smart Groups, see our Smart Groups Quickstart Guide.

Step One: Plan the Rules of the Game

First, you’ll need to plan the rules of your game. This process is highly customizable, so we recommend using the questions below to plan your gamification process:

  1. What skills or actions do you want to target? For example, you could encourage users to report PSTs with the Phish Alert Button (PAB). Or, you could ask users to complete optional training by a certain date.
  2. How do you want to score the game? In other words, what defines success in your gamification process? For example, if a user reports three PSTs within a month, they have succeeded in the game.
  3. How long will this gamification process run? Determining a time frame will help you add accurate Smart Group criteria.

Gamification can be as simple or as complex as you would like. For example, you could create a simple game for reporting PSTs. To win this game, a user must report at least three PSTs in one month. Because this game only measures one type of action, you only need to create one Smart Group. 

Or, you could make your game more complex. To win this game, users must earn 100 points in one month. Users earn 25 points for each PST they report and lose 25 points for each PST they fail. For this game, you would need a Smart Group for each combination of actions a user could take. For example, your Smart Groups could target the following combinations of actions:

Smart Group #1: Users who have reported four PSTs.

Smart Group #2: Users who have reported five PSTs and failed one PST.

Both of these combinations of actions add up to 100 points, so both groups include successful users. You can adjust the criteria for these groups based on how often you send PSTs to your users.

Step Two: Create Smart Groups for Your Game

Once you’ve planned your rules, you can create Smart Groups for your game. You will need to create Smart Groups for users who successfully complete your game as well as users who don’t successfully complete your game. 

First, create a Smart Group to identify successful users. We recommend referencing our Smart Groups Glossary of Criteria Types to find the criteria that will work best for your group.

For example, if you want to create a game based on the simple example in the Step One: Plan the Rules of the Game section above, start by creating a Smart Group for successful users. We recommend naming this group something identifiable, such as “Successful Users”.

Then, add the following Phish Event criterion:

1. Condition: Select Must.
2. Phish Event: Select Reported.
3. Comparison: Select Greater Than.
4. Count: Enter your desired number of reported phishing emails.
5. Time Frame: Select Range. Then, enter your desired start and end dates.

After you’ve filled out the fields listed above, click Save. Your finished criterion will state:

Phish Event

User must have reported a phishing test greater than 2 times from 07/01/2022 through 08/01/2022.

Next, create one or more Smart Groups for users who did not succeed in your game. For example, if you’re following the simple game example from the Step One: Plan the Rules of the Game section above, your unsuccessful group should include any users who did not report any PSTs they received. We recommend naming this group something identifiable, such as “Unsuccessful Users”.

Then, add the following Phish Event criterion:

1. Condition: Select Must Not.
2. Phish Event: Select Reported.
3. Comparison: Select Greater Than.
4. Count: Enter your desired number of unreported phishing tests.
5. Time Frame: Select Range. Then, enter your desired start and end dates.

After you’ve filled out the fields listed above, click Save. Your finished criterion will state:

Phish Event

User must not have reported a phishing test greater than 0 times from 07/01/2022 through 08/01/2022.

Your game should target security awareness skills in your users, so anyone who doesn't win the game may need to improve their security knowledge. For example, if your game is focused on PST failures, you could enroll users in remedial training if they don’t succeed in your game.

Once you’ve created your Smart Groups, we recommend communicating the rules and timeline of your game with your users. Then, use the other features in your KMSAT console, such as phishing or training, to start the game.

Step Three: Reward Successful Users

After your game ends, we recommend rewarding your successful users to encourage them to maintain their strong security awareness habits. For example, you could send a message to congratulate users for winning the game.

Tip: You can use our User Messaging feature to send a custom message to your successful Smart Group in the Learner Experience.

Once your game has ended, view your successful Smart Group to see the complete list of users. You can view this Smart Group by navigating to Users > Groups > and clicking on the name of the Smart Group. You can also export this information as a CSV file by clicking the Generate CSV button on the Smart Group’s overview page.

Can't find what you're looking for?

Contact Support