RNP was summoned for a special mission within the Ministry of Defense (MD) in 2022: to promote an information security awareness campaign for the employees that would really generate engagement and greater attention regarding the risks they are facing, not only in the work routine, but also in the different moments of technology use in their private lives.

As, for RNP, mission given is mission accomplished, the DAGSOL team responsible for cooperation, together with specialists in Information Security, orchestrated the execution of the initiative and the result was so positive that the inputs obtained by the campaign are already part of a kind of action plan to mitigate the risks observed in relation to the MD's internal processes.

Gamification as background

From the beginning, the Ministry highlighted the need to hire a platform that worked with gamification to boost participant engagement. After much research by RNP, the Hacker Rangers solution emerged as the one that met all the pre-established requirements, which ended up being proven with a Proof of Concept (POC) held in May.

In August, between the 8th and 12th, a test week was held within the Information Security Center (NUSIC), which served to validate the content made available and adjust some pointers for the larger campaign in the same month.

“The information security and privacy awareness campaign, carried out in partnership with RNP, has been a success. The choice for the gamification modality, using the Hacker Rangers platform, innovated the way in which knowledge is transmitted to the servers and employees of the Ministry of Defense. The platform has allowed us to spread the IS culture and privacy to users through a fun and ludic competition, in addition to providing competitors with interaction and collaboration with the IT Security area of the agency. Through cyber attitudes, risks were reported, identified and it was possible to increase the security applied in our network”, says the coordinator of NUSIC/MD, Daniel de Souza.

Five weeks of content and engagement

From 8/22 to 9/23, employees of the Department of Information and Communication Technology (DETIC), from interns to longtime employees, including outsourced workers, participated in the competition permeated by a lot of educational content around information security. During this period, 25 courses were made available, 25 quizzes were held, six phishings were launched (to test the attention of participants, with loss of score for those who failed) and 4 challenges were proposed.

In addition to the dispute itself, Hacker Rangers provides a space called Ciberatitudes, as if it were a channel for direct contact with the platform for participants to report actions that can earn points, for example: reporting risks, helping colleagues and feedback.

This channel was precisely the icing on the campaign cake. With engagement at the top, employees shared various information related to risks, some of which had not been previously mapped, such as, for example, the physical access to the Ministry building, which is shared with another body, therefore, it has vulnerabilities and the need to update the Information Security Policy used internally.

“The most interesting part is that the campaign went beyond the limits of the corporate environment and reached people's homes. And that was really cool, because an information security campaign that is limited to the professional, in corporate day-to-day, probably won't engage the user and won't really raise awareness. There's no way he can have one attitude inside the institution and a different one outside it. So, we brought up some topics such as WhatsApp security, social networks in general, virtual card, which actually reached the end user and we received some very nice compliments. These things show that we were able to pass on the information we wanted and it warms our hearts to see that it was not just another awareness campaign, it had real engagement”, says RNP Information Security analyst Caroline Santos, responsible for planning and monitoring the entire campaign.

Check out the campaign numbers and testimonials from participants