Let’s talk about phishing
A micro-course designed to raise employees’ awareness of phishing attacks and protect them from exposing data, spreading malware, or giving access to restricted systems.
Overview
A large vendor company has been struggling with phishing emails that managed to get through the protection measures. In many cases, employees deceived by the attackers clicked on fraudulent links, which could lead to exposing clients’ information. As a result, they reached out to me to help solve this problem.
By conducting a needs analysis, I confirmed that we could solve this issue with a phishing awareness campaign including deliberate practice. This campaign allowed us to focus on the population vulnerable to cyberattacks and reinforce new behaviors 4 months after taking the course.
Audience: Customer service employees.
Responsibilities: Project Management, Instructional Design, eLearning Development, Visual Design.
Tools used: Articulate Rise 360, SendPulse, Adobe XD, Miro, Open edX.
Process
Since the project is centered on obtaining the skills necessary to effectively spot phishing attacks, this project didn’t follow a common learning experience design process. After analyzing the data provided by the company, I discovered that phishing attacks were mostly reported by the customer service department and offered to focus our efforts on this audience. The needs analysis identified that employees were not aware of the most common “red flags” and behaviors that can help them spot phishing emails. With the gaps identified, the SMEs and I created an action map for the project.
Action Map
Initially, my clients were insisting on designing an anti-phishing course; however, during the kickoff meeting I learned that the company had already run several phishing trainings. After analyzing previous learning experiences and gathering feedback from the learners, I proposed to my client that we develop a phishing awareness campaign focused on deliberate practice. The campaign included a phishing simulation where employees received a mock-phishing email. If users failed the simulation by clicking on the links, the LMS (Learning Management System) would register it and automatically enroll the employees in the micro-course with hands-on scenario-based tasks. The phishing simulation was repeated 4 months after the training to reinforce acquired behaviors.
Text-Based Storyboard
After the action map was created, I began working on the campaign and outlining the detailed learning experience through a text-based storyboard. For this, I used Google Docs, as it allows collaboration with SMEs and saves my work as needed. I keep my storyboards very simple and include all title screens, verbiage, interactions, and programming notes that could be found on that specific slide. For this project, I also included email mockups and programming notes that specify the details of the whole campaign from beginning to end.
This project required the use of tools compliant with the company’s IP protection policies. To run the phishing simulation I used SendPulse, which is marketing email campaign software. Here is a fun part: the workflow. I programmed SendPulse to send emails to all customer service employees, which is more than 3,000 users, within a week. Each email contained a link that directed users to the Open edX platform, which recorded users’ information, enrolled them in the course, and redirected them to the course hosted on Articulate Rise 360. Custom-made HTML code embedded into Open edX also allowed me to re-enroll users in the email simulation after 4 months to reinforce the skills gained in the course. The Open edX part of the flow was seamless to users. From a user’s perspective, it seemed that the link sent them directly to the course.
Visual Mockups
Once the text-based storyboard and campaign workflow were revised and approved, I began creating visual mockups in Adobe XD. Using Adobe XD allows me to iterate on visual design elements of the project and helps my clients envision the layout and concept of the project.
With color, I was very fortunate to be provided with the company’s brand color palette. I mixed and combined these colors to ensure an appealing and non-distracting experience for learners. To make the design even more visually sound I used the best practices of proximity, alignment, contrast, and typography.
Interactive Prototype
I used Articulate Rise 360 to create an interactive prototype using the visual mockups and storyboard to design the project’s programming. The prototype included the title screen, interaction samples, and a skill-check task with correct and incorrect consequences.
With the basic framework for the rest of the project determined, I shared the prototype to seek feedback from the SME and stakeholders on the course’s look and feel. After I received their feedback, I made some minor adjustments to the incorrect feedback by making it more concise. I moved on to the full development once the SME and I were satisfied.
Full Development
The full development of the project in Articulate Rise 360 was straightforward and productive now that all elements had been designed and reviewed by multiple stakeholders.
I was very glad that while I met some software compliance constraints, the SME and stakeholders were flexible and decided to run a campaign instead of simply doing the course. This project allowed me to polish my HTML skills and required a lot of creative thinking to meet the company’s expectations and follow the policies. I learned new programs and tools while working on this project and got an opportunity to work with an SME and collaborate with peers on solving different problems encountered along the way. As an Instructional Designer, I have grown significantly.
Results and Takeaways
One month after the project, the company’s team notified me that the number of phishing attacks reported by the employees increased by 65%, allowing the IT department to come up with better protective measures. A reinforcement email simulation run after 4 months showed that only 10% of the recipients clicked on “fraudulent” links in comparison to the initial 80%.