Even as security controls continue to improve, it is becoming increasingly apparent that humans are a major cause of computer security failures. The "whoops factor" and the "non-deliberate insider" are just two user profiles responsible for the vast majority of global organizations being hit by a virus, worm or breach in the past 12 months.
Security awareness training establishes a reputation of being a powerful tool for developing a proactive enterprise security culture within the enterprise. Gamification is the use of game mechanics in nonentertainment environments to improve user awareness, retention and application of security knowledge. Gamification can change user behavior by increasing engagement, building loyalty and encouraging participation.
The material will be valuable for security software companies as well as for companies want to improve security culture at the working places.
Video: http://www.youtube.com/watch?v=7V-e1G0xqSw
1. Click to edit Master title style
How to make people enjoy security
and raise their user awareness via gamification ?
Vera Trubacheva
Business Analyst, DLP Research
Kaspersky Lab
Security Analyst Summit 2013, Puerto Rico
2. How to raise security?
Click to edit Master title style
Page 2 Security Analyst Summit 2013, Puerto Rico
3. Humans are the weakest link
Click to edit Master title style
Page 3 Security Analyst Summit 2013, Puerto Rico
4. Humans are the weakest link
Click to edit Master title style
70% of
companies
named humans
as their
greatest
vulnerability
Deloitte
Page 4 Security Analyst Summit 2013, Puerto Rico
5. Click to edit Masterreduces risks
User awareness title style
User awareness is 1 of top 3 security
initiatives for big companies for 2013
Deloitte
Page 5 Security Analyst Summit 2013, Puerto Rico
6. Why traditional training failed?
Click to edit Master title style
“Security training… uhh”
Users
Page 6 Security Analyst Summit 2013, Puerto Rico
7. How to raise security?
Click to edit Master title style
1. Gamification can raise user awareness
2. Gamification can raise people’s loyalty
to security policies
Gamification can raise security
Page 7 Security Analyst Summit 2013, Puerto Rico
8. Click to edit Master title style
Levels
1. What?
2. Where?
3. How?
9. Click to edit Master title style
Level 1:
What is gamification?
10. Click to edit Master title style
Page 10 Security Analyst Summit 2013, Puerto Rico
11. Gamification is effective
Click to edit Master title style
70% Gartner
Page 11 Security Analyst Summit 2013, Puerto Rico
12. Gamification is effective
Click to edit Master title style
50% Gartner
Page 12 Security Analyst Summit 2013, Puerto Rico
13. Gamification is effective
Click to edit Master title style
1. Education
2. Innovation
3. Employees performance
Gartner
Page 13 Security Analyst Summit 2013, Puerto Rico
14. Gamification is effective
Click to edit Master title style
Dopamine
Pleasure
Page 14 Security Analyst Summit 2013, Puerto Rico
15. Click to edit Master title style
Level 2:
Where is gamification used?
16. Gamification is good for learning
Click to edit Master title style
Page 16 Security Analyst Summit 2013, Puerto Rico
17. Gamification is good for learning
Click to edit Master title style
1. Simulation
2. Stories
Page 17 Security Analyst Summit 2013, Puerto Rico
18. Gamification to learn
Click to edit Master title style
CyberCIEGE – used to teach network security
by US Navy
Page 18 Security Analyst Summit 2013, Puerto Rico
19. Gamification to learn
Click to edit Master title style
Cybersecure: Your Medical Practice used to
teach how to comply with HIPAA
Page 19 Security Analyst Summit 2013, Puerto Rico
20. Gamification to learn
Click to edit Master title style
Anti-Phishing Phil – used by US Airforce and
worldwide
Page 20 Security Analyst Summit 2013, Puerto Rico
21. Clickdoes security education via gamification?
Who to edit Master title style
Page 21 Security Analyst Summit 2013, Puerto Rico
22. Clickdoes security education via gamification?
Who to edit Master title style
Security
vendors?
Page 22 Security Analyst Summit 2013, Puerto Rico
23. Click to edit Master title style
Level 3:
How can we use gamification?
24. Click to edit Master title style Lab
Gamification at Kaspersky
Page 24 Security Analyst Summit 2013, Puerto Rico
25. Click to edit Master title style awareness
Gamification to raise user
1. Train in context
2. Tell a story
3. Mock situations
4. Force to make decisions
5. Provide feedback
Page 25 Security Analyst Summit 2013, Puerto Rico
26. To raise user awareness
Click to edit Master title style
Play game to learn
what phishing is
Page 26 Security Analyst Summit 2013, Puerto Rico
27. Click to edit Master title style awareness
Gamification to raise user
Integration with training from experts
Page 27 Security Analyst Summit 2013, Puerto Rico
28. Click to edit Master title style awareness
Gamification to raise user
1. Simulated games - easy
2. Part of real games - challenge
Page 28 Security Analyst Summit 2013, Puerto Rico
29. Click to edit Master title style awareness
Gamification to raise user
Page 29 Security Analyst Summit 2013, Puerto Rico
30. Gamification to comply with policies
Click to edit Master title style
Page 30 Security Analyst Summit 2013, Puerto Rico
31. Gamification to comply with policies
Click to edit Master title style
Security points
Page 31 Security Analyst Summit 2013, Puerto Rico
32. Gamification to comply with policies
Click to edit Master title style
Building things
Page 32 Security Analyst Summit 2013, Puerto Rico
33. Gamification to comply with policies
Click to edit Master title style
Page 33 Security Analyst Summit 2013, Puerto Rico
34. Gamification to comply with policies
Click to edit Master title style
Page 34 Security Analyst Summit 2013, Puerto Rico
35. Gamification to comply with policies
Click to edit Master title style
Security statuses
Page 35 Security Analyst Summit 2013, Puerto Rico
36. Gamification to comply with policies
Click to edit Master title style
Security statuses
Good rating Bad rating
Page 36 Security Analyst Summit 2013, Puerto Rico
37. Gamification to change behavior
Click to edit Master title style
Page 37 Security Analyst Summit 2013, Puerto Rico
38. Gamification to change behavior
Click to edit Master title style
Page 38 Security Analyst Summit 2013, Puerto Rico
39. Summary
Click to edit Master title style
1. Gamification can raise user
awareness
2. Gamification can raise people
loyalty to security policies
3. Let’s use gamification in our
products!
Page 39 Security Analyst Summit 2013, Puerto Rico
40. Well done!
Click to edit Master title style
Congrats Winners!
Page 40 Security Analyst Summit 2013, Puerto Rico
41. Click to edit Master title style
How to make people enjoy security
and raise their user awareness via gamification?
Have fun ;)
Vera Trubacheva
Business Analyst, DLP Research
Kaspersky Lab
Vera.Trubacheva@kaspersky.com
+7 495 797 8700 x4201
Security Analyst Summit 2013, Puerto Rico
42. Gamification to change behavior
Click to edit Master title style
Page 42 Security Analyst Summit 2013, Puerto Rico
43. Gamification elements
Click to edit Master title style
Leader Boards
Badges
Points
Challenges
Rewards
Feedback
Page 43 Security Analyst Summit 2013, Puerto Rico
44. Gamer types
Click to edit Master title style
1. Achievers
2. Socializers
3. Explorers
4. Killers
Page 44 Security Analyst Summit 2013, Puerto Rico
Hinweis der Redaktion
Hello, guys!Who played football, basketball in childhood? Raise your hand please.You were the first to answer. Catch the ball!It was fun to play, right? Years passed, but nothing changed! We are adults, but we do play games. So let’s play a game today. We already have 2 teams. This team, you will be Shooters. This team, you will be Troopers.There will be 3 levels in our game. On each level I will ask you questions. Those of you who answer first, will get a tasty chocolate. The team that gets more chocolates will win and get a special prize.Assistant, give a reward to a man that caught the ball for being agile please. Let’s come back to the games. According to statistics an average age of a video game player is …Which do you think? Your ideas?You were the most close to the right answer.You get a chocolate for being smart.On the average players are 30-35 years old. Not children.It’s stunning! People spend 3 billion hours per week playing online games!It would be great to use that time for the better! Like raising security. That's what we are after.And it is possible! Games canraise security. Today I will tell you how.
How to raise security? The first level of defense is a security product of course. We are the best at this. We have a great AV, AC, DC and other technologies.
But the zero level of defense is a human.Because humans make mistakes. Because humans can switch the securityproduct off. For example sometimes it happens with anti-viruses that are annoying.
If people don’t understand security rules, it’s all for nothing!According to recent Deloitte Global Security Survey 70% of companies namedhumans as their greatest vulnerability
They said user awareness is 1out of top 3 security initiatives for big companies for this year. Because security awareness reduces risksSo, now companies do understand that they need to teach their employees security basics. But today security education sucks.
It is usually a lecture or e-learning courseor read-here-and-sign-here document. It is out of the context and it is long. Feedback and measurement are limited. And... The most important: it is BORING!But. Millions of people adore playing games, they learn through games. The research shows that learning through games is effective both for children and adults. So why don’t we use this approach for teaching security?
Gamification can raise user awareness and userloyalty to security policies. Gamification can engage people, teach security and allow to have fun while complying with security policies.
So let’s talk /what gamification is, /where it is used, how /we can use it in our products and get a competitive advantage. Let’s go ahead!
Gamification originates from game.What is a game? It is an activity to get pleasure, entertainment and skills improvement.
Who recognized this game? How is it called? That man gets a reward for great memory!Yes, it is Mario game popular in the90s. Do you remember what was in this game?Mario is required to save a princess in a castle. He passes the levels, gets mushrooms and stars and kills the monster.What is a gamification? It is an application of |game elements and |game thinking to |non-game context to drive a desired behavior. The aim is to \\engage people, \\motivate actions and promote \\learning. It is a popular trend nowadays. Gamification is used by such giants as IBM, Cisco, Nike, Microsoft, Samsung, Starbucks, Xerox.
It is expected that gamification approach will grow in the near future. According to the Gartner Group, by 2015, 70% of all the biggest companies in the worldwill be actively using gamification in their business.
And 50% of their innovation process will be gamified.
Gartnersays that gamification if effective for education, innovation and employees performance.
Why it works? I guess you remember your game experience. Games bring emotions, competition, experimentand fun. And what is the most important… it works due to our physiology. Neuroscientists proved that a pleasure hormone called dopamine is released in our brain when we get positive feedback, rewards, and skills improvement. Fellows, there is a serious science behind games. I will not tell you the details how to implement gamification and the science.You played games, you most likely remember what game mechanics are. Like challenges, prizes, leaderboards, and so on. Today I will just share the idea.And the idea is let’s use gamificationin our products.
Where is gamification used? Actually it’s not new. It has been around for a long time. Just now more ways appeared with IT industry development.Who has a Facebook account? That man/woman gets a reward for being social.Facebook is probablyone the most successful non-game game ever invented. It has implemented game mechanics and reward structures that keep a lot of people coming back several times a day. Well, gamificationcan be applied in many areas. But today we will talk only about gamification for security.
Gamification is good for learning. Deloiteи Хeroxcompanies know it and teach their employees and clients exactly that way.The goal of gamification for education is to take content that is typically presented as a lecture and add game-based elements like story, challenge, feedback, rewards, and so on.. It can be a full educational game. Or justgame-elements in the daily routine. Like.. behaving safely
Why is it effective for learning? The first reason. Any game is a simulation model of some situation. There is a problem to solve.. for a player. The player makes decisions and faces the result of that decisions. Users learn by confronting the consequences of their actions. F.e. security actions.So by simulating real security situations, like losing unencrypted notebook, we can help people to understand why security rules are required and help them remember right decisions.The second reason. We have stories in games. People like stories. Do you want me to tell you a story, a joke instead of talking about security? Once a pon a time… Oh, no, our topic is gamification. That anekdote is later. Stories teach better than instructions. The research proves it. Stories provide context. People remember details in context. Not separately. Learning in the context is effective.Of course education through games is not necessary everywhere, in any case. It is just one of the ways to teach. BUT. If applied appropriately it brings magnificent results.The aviation industry, the military and medical teams know it. That’s why they relyfor decades on simulations when training their experts.
Many years the militariesuse computer games for war simulations. And now there is a special game to teach network security concepts for U.S. Navy.
Today a game is used to teach HIPAAsecurity rules. HIPAA is national compliance that lists requirements how to protect health information for medical organizations. Companies who used it called it effective. Such an approach would be quite useful for PCI DSS and other compliances.
Oh, I love this slide. Look at this game. It teaches how to avoid phishing. There is a small education at the beginning. This is Anti-Phishing Phil. He must choose the “good” worms to swallow and reject the bad ones. Worms are URLs. A mentor fish gives you advice when you’re stuck.It is enough to play it once and spend just 10 minutes for a new employee. Thisbrilliantgame is deployed in the US Airforce, banks, health-care, insurance companies. They found that this approach led to a 45% reduction in falling for phishingI played this game and loved it. It was fun! BTW I found out about some phishing tricks there.
Who provides security education through gamification today? Wombat. I showed you the movie about Anti-Phishing Phil. Except that they provide games to teach Email Security, Safe Social Networks, Smartphone Security and so on.EMC company is using Wombat’s games to teach their employees against APT attacks and phishing. Another company Apozyis developing cloud based platform to perform gamified security awareness. They said their platform will be available for integration to other products.
What our competitors are doing in this direction? Nothing… Yet.. Or probably I know nothing about it because they hide it.Well. Idea. Security education should be provided with the security software and use gamification approach.Today it doesn’t exist yet. Actually security software with built-in education does not exist either. Usually education is provided separately from the security product. It is out of context.Guys, let’s provide education in the context. I mean with our products. We can benefit from gamified education build-in our products.
How we can do it?BTW, do you know that our company uses gamification for quite a long time? Remember the 4th floor in Moscow headquarters?Who knows what kind of gamification is used there? You get a reward for being attentive!
Yeah, we have a leader board there for our virus analysts. It shows who worked up more viruses. Let’s come back to security though gamification. We have two aims. The 1st one: to raise user awareness. The 2nd one: to raise user loyalty to security policies.
How can we raise user awareness with gamification?We could teach security through mini quests with security challenges. For example, a role-play game provided by our Endpoint Security. The mission is to save your company from hackers. An employee chooses the role: a hacker or a defender. Then the player makes decisions considering security concepts. Employees can play with a computer or witheach other. And this is more effective. Cause they will know how a real rival thinks. So, by simulating real security situations we will help people to understand why security rules are required. And we can help them remember right decisions. It works for the militaries. It will help |us as well!It should not be a full game. Short quests. May be in free time. If it is fun and interesting, believe me, people will play in their free time. And Microsoft story is a good example! If you don’t know it, ask me, I’ll tell you later.Or it can be quests for new people to teach security basics. Just to play it ones and spend 10 minutes. It could be periodical games to refresh security knowledge. It will be effective to provide education in the context. We can easily do it in our products. Like DLP (we have being already thinking about it). Or we can do it in our AV.
Look, a user is caught by a phishing link. We can not only show the user a dialog as it happens today. CLICKBut, we could provide the user with a small education and a game like Anti-Phishing Phil to enhance assimilation of information
BTW we can provide not our own education. I mean we are security experts, not teachers. But we can make friends with educational experts. And integrate it to our products.
We can go further. We can become a part of real games. Imagine. The Simsor World of Worcraft. The next quest for a player. The player is required to pass through a door…And there is misprint on the door. Not a facebook.com, but something like this.
This is a phishing door! Byсreating security levels in popular games, we can spread security knowledgewithout intention… and get some PR..
OK. How can we raise user loyalty to security policies? Some ideas.We can encourage people with thank you when they behave safely. It’s a details but it’s pleasant. People feel pleasure from dopamine release, remember?
We can give security points those who don’t abuse policies. The company can decide how to convert the points into real things. It will be easier for security officers to motivate users.
We can give users ability to build things. Imagine a screensaver. You get fish for behaving safely. For special achievements you get exotic fish or a shark. When you abuse policies some fish dies. It is a screensaver. Everybody can see it. So everybody can see how many or few fish you have.Or not fish, you can grow a tree. Or perform car tunning. Or build a castle. Except for competition and reputation it is a way of selfdemonstration.
We can have security ratings. We could gamify our current Dashboard.
And make it Leader board.
We can show security statuses in public. Imagine. Avatar in the OCS changes depending on user’s security rating.
For example, when I have a good rating, I have a normal avatar in OCS. But when my rating is bad… If I know that my colleagues see my face like this, believe me, I will do my best to restore my normal face. BTW Reputation is an ancient and one of the most powerful tools to influence behavior.
Guys. I have a question for you. Imagine. You are tired after the busy working day. You get out of subway and see this.Who will use an escalator, raise your hand please? Who will use stairs? Ok the majority will use escalator.And now let’s have a competition. Teams, we have a serious mission here. To improve health of people. Especially those who stay in the office, sitting all the day long… at the computers...Our challenge is to make people use stairs even if the escalator is working. Attention. This is a real case. Those who know how it was solved and where, please don’t help us.So, challenge. How to get people use the stairs despite escalator working?Teams, you have 1 minute to generate your ideas. We will count them. Good ideas will bring you rewards. Teams, you man speak to each other.Do you want to know how this challenge was solved in Sweden?
The Fun Theory is a project created by Volkswagen to promote healthy living and environmental protection.It is gamificationapplication for the better!Guys, before we summarize, let’s find the most attentive listener.What chemical is released to our brain when we get positive feedback and rewards?What percentage of companies named humans as their greatest vulnerability?What kind of gamification is used at our conference here?
OK, the summary.Gamificationcan raise user awareness though more effective education.Gamificationcan raise user loyalty to security policiesWe can do it. We can use gamificationin our products. And get a competitive advantage. Guys, let’s use gamificationin our products.And now the result of our game. Who got the most chocolates? Oh, you need to return them. We need to count. It’s a joke. The winner team, you get a special prize.
You deserved it!
Thank you for your attention.And now my boss fight – your questions
Leader Board - Have a leader board tracking who are the most 'aware' employees. This could be measured by things such as scores on awareness quizzes or how many months employees have gone without falling victim to phishing assessments. People then compete to be in the lead.Badges - Have achievement badges for different courses or training levels people complete.Currency - Have a points or currency system. The more points people earn, the more things they can do (buy company shwag, team lunch, etc). They can earn points by completing more training, reading newsletters, replying to security awareness questions, helping others secure themselves, etc. Then allow people to trade, share or gift these points.Challenges - Create security awareness challenges between users or even departments.The end goal here is not to create games for security awareness training, but to make security awareness training (and changing behaviors) a fun game!feedback. This is absolutely crucial, and virtuality is dazzling at delivering this. If you look at some of the most intractable problems in the world today that we've been hearing amazing things about, it's very, very hard for people to learn if they cannot link consequences to actions. Pollution, global warming, these things -- the consequences are distant in time and space. It's very hard to learn, to feel a lesson. But if you can model things for people, if you can give things to people that they can manipulate and play with and where the feedback comes, then they can learn a lesson, they can see, they can move on, they can understand.feedback. When you succeed in a challenge, good games provide excessive positive feedback to make it abundantly clear to you that you did so. For example, the LinkedIn progress bar shows how much profile information you still need to provide and outlines the simple steps you need to take to achieve that goal.reward effort. It's your 100 percent factor. Games are brilliant at this. Every time you do something, you get credit; you get a credit for trying. You don't punish failure. You reward every little bit of effort -- a little bit of gold, a little bit of credit. You've done 20 questions -- tick. It all feeds in as minute reinforcement.Game mechanics involve things like achievements, points and missions. We could attach these incentives into the actions tied to your business metrics. Samsung uses the behavior platform to assing points to registering products, asking and answering questions and submitting comments and reviews in order to increase metrics like repeat visits, registration, time on site, ratings and reviews, shop clicks. The result: 60 times more shop clicksReputation mechanics include levels, leaderboards, badges and exclusive privileges. Reputation is important. It tells the story of user’s action. Letting people create the reputation is a critical part of motivation. EMC wanted to increase user motivation and connect partners, customers and employees on their EMC community network. With RAMP (recognition, awards and motivation program from BAdgeville) users could earn badges for creating documents, downloading files, interacting on forums and more. People could easily see who was knowledgeable about a topic. Overall user activity rose 21% on EMC community networkSocial mechanics are activity streams, following, recommendations, sharing, familiar staff from social networking. When users follow other users they see real time notifications of key behaviors and get updates of who is doing what, where.The first principle is that games set you clear, unconflicting, visually present goals to reach for. These can be individual or group goals, as in the case of Kickstarter: The goal is to reach X amount of funding in Y days. Now video games don‘t just present goals. They ensure that a structured flow of nested goals pulls you through, from the long-term goal (safe world, rescue princess), to medium-term (kill level boss-monster) and short-term goals (collect five level coins). Wherever you are in a good game and whenever you return, there will always be one next small goal that is just within reach.Rewards for effort (i.e. positive reinforcement) trigger releases of feel-good chemicals in our brain, which train us towards desired behaviour. For example, Foursquare rewards users with badges for checking in the most times at a specific venue (mayor badge).Rapid, frequent, clear feedbackin response to a user’s actions which also sets off the reward centres in our brains. For example, Facebook is addictive partly because it allows its users to receive real-time feedback in response to their comments and Likes.An element of uncertainty is crucial for an effective reward scheme. Gamblers become addicted to slot machines due to the unpredictable nature of the pay-offs [see Montague & Berns, 2002]. It is the element of uncertainty that has people constantly checking to see whether an email has arrived in their Inbox or whether someone has commented on their Facebook status.Other people (i.e. social elements) probably provide our brains with the greatest rewards. Humans are social creatures by nature. Adding other people into your experience is a no-brainer as evidenced by the rise of social media in the form of Facebook, Twitter, etc. According to Gavin Marshall, Head of Innovation for Mxit, South Africa’s largest social network, MXit users’ rewards are mostly social in nature.RewardsEffective rewards cost designers relatively little but are highly valued by users. Less effective rewards cost designers more for the same level of user valuation as a more effective reward. Reward types are listed below in order of decreasing effectiveness [CNET, 2010]:Statusis probably the most effective reward. It costs designers next to nothing and is highly valued by users as it taps into our social natures. Zicherman [2010] suggests that status has replaced material rewards such as cash, and that the less status rewards a game doles out, the more material rewards it needs to hand out to keep users engaged.Access to restricted features, options and areas e.g. VIP room in a nightclub or member-only analytics on a website.Power is an effective incentive for some e.g. community moderators that can ban users, remove status or shift points around; voting to change contents of front page of a website; etc.Stuff, both material (e.g. cash prizes) and virtual (e.g. game weapons or FarmVille seeds). Material stuff is costly to provide, whereas virtual goods are often free.Rewards are not equivalent to achievement. Good design involves building in instrinsic motivators like experiences of competence, self-efficacy and mastery rather than relying on extrinsic rewards. Rewards themselves are not equivalent to achievement.Common game techniques for leveraging these motivations include:BadgingandavatarsPointsandrewardsLeaderboardsProgresschartsVirtual currenciesorgoodsGiftingandgivingChallengesandquests
Gamer typesAs touched on in the “game dynamics” section, people behave in different ways. Different people are motivated in different ways. To account for this, Zicherman [2010] suggests thinking through different usage scenarios and designing specific streams into the game structure. According to Bartle [1997], there are four main player types, each of which needs to be catered for when designing a game experience. Achievers (10% of users) focus on the big rewards with the most recognition and status (e.g. an illustrious title or large number of contributions). Socializers (80% of users) make up the undergrowth of the community. They support and nourish the other player types with their recognition and adoration. Socializers are non-confrontational, are looking to engage and will easily reciprocate.Explorers (9% of users) take pride in mapping a system in terms of its features and decision spaces. They thrive on the social credit that they receive for their discoveries. Day suggests building achievements into your game-space that reward users for exploring the platform in novel ways, for example by using an unpopular feature.Killers make up 1% of the community. They are similar to Achievers in that they go for the big rewards, but with a subtle difference. When they win, someone else has to lose publicly so that the community can recognise their actions (e.g. forum trolls and comment killers). Killers are highly active and engaged and can be dealt with by harnessing their energy by putting them onto rails (step-wise progressions that are built into the system) that shape their behaviour by following a path intended by the designer.However, an experience does not need to look overtly like a game in order to be compelling and engaging. For example, Facebook is probably the most successful non-game game ever invented. It has implemented game mechanics and reward structures that keep a large portion of the world’s population coming back several times a day. Yet, Facebook has no mascot, complimentary colours, traditional level structures or anything else that we would usually associate with a game.Explorers have a clear inclination towards discoveryAchievers are definitely motivated by the accumulation of experience points, status and ranks associated with their proficient use of the softwareKillers, on the other hand, are motivated by challenge, competition, and the rapid pace of usage as in a first-person shooter game.Don’tForgettheSocializersIt may seem like that we are almost done, since we can motivate three of the four gaming persona. However, approximately 80% of the populations are Socializers. Explorers, achievers and killers make up only about 20% of the population. So how can we make the software engaging for the socializers? The solution is simple. We just have to infuse social features into the software.Socializers get their name because they like to socialize in a collaborative non-confrontational environment. So when users search for a particular feature/function, show them others who have used that function. That is, who discovered that function first in the organization; who used it the most number of times, who used it recently with the highest velocity, and most importantly, which of their peers have also used this function. Finally, the software must enable ease of communication with others, so people can ask for tips and advice from people who have used that function.The foundation for any effective gamification approach is to keep careful and detailed records of all usage of all functions by every user. This enables the system to reward users in three different ways.DiscoveryCompetetionProficiency: which includes both the absolute Quantity and the relative VelocityAlthough this covers three out of the four types of gaming persona (i.e. explorers, achievers, and killers), we must not forget that socializers is still the largest group making up roughly 80% of the population. To keep the socializers engaged, we must infuse the enterprise software with social features that enables their users to socialize.