Richemont, The Right Choice: Case Study for Effective Creation of Mobile Learning

<p class="0abstract">This is a case study detailing the solution developed by Saffron Interactive for Richemont International to support their learning requirements around information security.</p>


Introduction
Information is one of the greatest assets an organisation can possess; and security of that information has become one of its greatest risks. With the rise of technology, this brings on more risk and more uncertainty. How can an organisation become resilient in the face of breaches in information security?

2
The Challenge As part of their wider 'Be Aware Be Secure' Information Security programme, Richemont was looking to create a sense of shared responsibility for information security, empowering learners to learn and share the key behaviours that are needed to protect it.
Their objective was to make Richemont's employees the company's first line of protection. The way to do this was to transmit simple actions and behaviours that keep the business secure.
When they came to Saffron, Richemont was on a wider maturity journey, from awareness to visible action and leading by example. They came to Saffron to help them make the transition from a state of awareness and knowledge to one of adoption: that is, to apply knowledge into real behaviour change.

Our Approach
Richemont came to us as they were embarking on an organisation-wide security campaign with an ambitious maturity journey in which learners were set to go through awareness, knowledge, adoption and promotion of security behaviours. As part of this maturity journey, they had an existing body of materials that focused on awareness and knowledge; they were now looking to solidify these and go deeper into the stages of adoption and promotion: where learners take security behaviours on as their responsibility, and collectively share a responsibility culture. Based on our experience with behaviour change focused approaches and past success with gamification, we opted to utilise these methodologies for the programme to help boost adoption. After some initial thought-provoking discussions with Richemont, we got to work coming up with the ideal solution.
Given Richemont's aims to challenge how security is perceived and handled, the learning approach needed to be two-pronged: there was a need for playfulness and engagement; but also, to nurture a sense of responsibility and respect for the guidelines to follow. Getting the balance right between gamification to boost motivation and clearly showing the consequences and importance of the subject matter for the organisation was paramount.

Method
The focus was less on getting learners to understand concepts and more on getting them to own these concepts and see how they would play out as tangible actions. We designed the course to be a 10-minute game with scoring and bonus rounds that would keep learners engaged and keep them coming back for more, as they returned to improve their score. In short, the aim was to show them that security could be engaging and fun (while still being taken seriously). The content built on existing storylines that were familiar to learners from a previous recent campaign Richemont had released, adding to this playful dimension and immersing them in a fictional world they could relate to. Within these lifelike scenarios, learners had to think on their feet and try to earn as many points as possible.
The overarching aim was to leave learners feeling responsible and taking information security into their own hands and working with their colleagues to uphold it, yet also escalating a situation to the Support team when necessary and appropriate. Richemont wanted to instill responsibility, not recklessness. To help instill this mindset, Saffron developed an optional 'Report to protect' button which learners had to actively remember to use at the right time.
When they remembered to 'Report to protect', they got extra points. If they forgot or used the button unnecessarily, a feedback pop-up let them know they had missed the mark. This helps embed safety as well as autonomy: the learner is still in the driver's seat, but they also clearly see they aren't expected to handle every situation alone.
The game included bonus rounds, in which learners could further boost their score by including a few rapid-fire questions. This was to help instill a sense of initiative and playfulness in learners, instead of pushing knowledge onto them in a way that feels forced or dry.
At the end of the 10 minutes, learners earn a badge of either 'Risk finder', 'Risk smart' or 'Risk wise'. They can replay the game as often as they'd like to improve their score. As part of Richemont's wider campaign aims of adoption and promotion, we also developed a built-in 'Share to Yammer' button from which learners could share their results to a designated Security page in the organisation's Yammer in just a few clicks. This was a step forward in terms of Richemont's wider strategy to create a community of practice and knowledge sharing, and invited learners to see the game and what they were learning within this wider context.

The Results
The course has since been translated into 10 languages and rolled out to Richemont's maisons. The response has been very positive, and we have also personalised the game for one of Richemont's subsidiaries.
The course achieved a completion rate of over 90%, with evidence of users going back to repeat the course to improve their initial score. Moreover, the course was a driver for many users adopting workplace social network Yammer as they opted to share their scores with their colleagues.
In a survey of users who had completed the course, over 74% gave it a five-star rating, in a sample size of 2,506.