Information Security Awareness

Lara strikes back

This project first came to me as a request for advice for potential external providers. By the sounds of it, the business unit responsible either didn’t know or didn’t trust that this kind of work could be done in-house. So, the team took it as a challenge to show off some of the capabilities we could offer, and I did a small teaser. The briefing was: impress the customer, but don’t spend too much time on it.

Instead of adjusting the existing e-learning package, I rewrote the script as a scenario-based animated story. In the original training, the main character had to escape the cyber traps created by Lara. Your job was to keep him safe by succeeding in the quiz questions. In this second iteration, I designed it so she was not only really annoyed you helped our hero to succeed but also much better prepared. She has new technology available to her, has learnt new tricks to deceive you and is fully invested in stealing your money and identity, better if both. Beware, Lara Strikes Back.

Long story short, although the concept was well accepted, it would not fit the timeframe allowance. However, it did win us the project: we got to revamp the current version of the training, and the online team is now working on a version for team leaders and managers, who are likely to be sure targets given they have better access to the organisation's systems, some including decision power over budgets.

But… the whole thing looked so real.

Yes, it normally does. Hackers will disguise their traps as products and services that look almost like the original, if not identical. In this learning program, the user receives emails and messages that look very ordinary, some even appearing to come from people they know and trust. Their job is to identify signs hinting that the whole thing might not be what it looks like. The message might not even come from the sender it claims to come from. At times, they trust their source, follow the instructions and, before they know it, they get their identity stolen, dodgy charges on their credit card and their reputation compromised. It is good people being targeted just for being good. Sadly, in this business, if you trust others easily, you are a good target.

Some tips that could be useful when judging whether content is safe or not:

  • If you hover over the link for a little while, a tooltip may pop up showing the real address. So if the link says “yourbankname” but it points to “someplaceelse”, don’t click.
  • If an existing supplier asks you to change their banking details, call them and confirm this.
  • If an offer looks too good to be true, there is a good chance it is.
  • If a lawyer from wherever chooses you, out of the blue, to transfer a large sum of money from an unclaimed inheritance… like, seriously? Just report it.