James Mackay MSc
Instructional Designer | E-Learning Specialist
This project is a sample of work for my portfolio. All content was developed by James Mackay.

Creating a training for a CyberCo client having Data Loss and Malware Issues

"How to Better Protect Your Data
when Using Flash Drives"

Portfolio

Overview

Details

  • Type: E-learning Development
  • Date: August 2023

Tools

  • Articulate Storyline 360
  • Figma
  • Adobe Illustrator
  • Adobe InDesign

Skills

  • Job Aid Development
  • Scenario Based Training
  • Time Sensative Projects
  • Policy Writing for Humans
  • UI/UX

TL;DR

TL;DR

A customer of CyberCo has experienced an increase in data loss and malware attacks. The issues have been driven by the increased use of USB flash drives. CyberCo have asked me to create training to help reduce both data loss and malware attacks. In response to the request, I created:

  1. A job aid – A desktop wallpaper that shows types of malware attacks and how to handle them.
  2. Scenario based training to help reduce data loss, and malware attacks.
Let me see the project!

Intro

Context

CyberCo is a cybersecurity company that specializes in helping clients protect sensitive data. CyberCo has asked me to create a training course for a client. They are experiencing an increase in both data loss and malware caused by USB flash drives. The situation is considered time-critical.
 
The company has found that there has been an increase in employees using flash drives. They are using them to backup and transport materials needed for work offsite. Cloud storage would offer better security there is often insufficient internet access. Company USB flash drives are available but are not always used. Some employees have shown little regard for where the flash drives have come from. Some will use their own drives, and or drives gifted by other companies. This has significantly increased data loss and malware attacks.
 
Training is needed to help reduce the number of malware attacks and data loss.
 

Background to Project

The FBI have warned of increasing cyber attacks designed to create a false sense of security. These attacks often disguised as being from official governmental organizations or large companies. This lulls the end user into a false sense of safety. Users trust the the appearance of the flash drive and plug them in to their machines. It can be devastating for both the individual and for companies that have fallen foul of this deceit.
The consequences for loss of data are real from malware infections is real. While not believed to be caused by a USB flash drive, CloudNordic is a stark reminder. 
 
In early August 2023, CloudNordic received notification of Ransomware within its systems. They have a policy of not negotiating with “hostages” and their servers were wiped clean. Customers data was instantly wiped out. CloudNordic has warned some customers they will never be able to retrieve their data.
 
Malware attacks can be summarized into three categories: Malicious code; Social Engineering; Human Interface Devices spoofing. If something strange starts to happen on your computer then chances are good that it could be malware.
 
Helping protect against USB flash drive malware attacks requires consolidating existing policies. It may even be necessary to introduce more robust processes. Examples of simple steps, Know where a USB flash drive is from before using it. Install and keep antivirus software up to date. Disable auto-run on Windows machines. Use of encryption software on flash drives that will hold sensitive data.

Development

Instructional Design Planning

The Analysis of the situation

Consultations with stakeholders, SMEs, and research lead me to draw the following conclusions:
  1. The existing documentation is inaccessible and difficult to understand. It needs to be simplified and made easier to understand in a hurry. The language should be made more accessible and easier to read.

  2. Staff who had experienced malware attacks had used non-company-issued USB flash drives. They were also unsure what to do and when the attack occurred.

  3. Staff have developed bad habits around the use of USB flash drives. They often don’t give a second thought to using any flash drive they find around. Some staff see no problem using personal USB flash drives from home.

  4. Staff do not have time for lengthy courses. While this is a critical issue, time is extremely limited.

  5. The IT department is unable to cope with the demands of an increase in malware attacks and data loss. They’re convinced it is only a matter of time before they’re hit with a ransomware meltdown.

  6. Staff still need to use USB flash drives when they are offsite. Wifi and mobile coverage is limited so they can not depend completely on the cloud services. So, for the moment USB flash drives are here to stay.

My Solution to the Problem

User Policy Re-write

The User Policy needs to be rewritten so that it uses language that is clear and easy to understand. It needs to clearly outline the company’s expectations around using USB flash drives. I achieved this by grading the language and expressing it in clear direct instructions of do this, don’t do that.

Job-aid

The CyberCo client is experiencing a dramatic increase in malware attacks. The chance of an individual employee experiencing an attack is far less. Furthermore, it is unlikely any employee will experience attacks on a regular basis. A better solution to memorising information is offering a job aid and experience in using it. The job aid I made, gives six sets of outcomes for malware attacks and the best solution to resolve them.

In the third set of scenarios, I will begin to help the user explore these. I will also help the user to experience that they may experience a combination of attacks. I aim to help them understand they may need to take more than one action to ensure they resolve the problem.

The information I represent in the job aid I sourced from Norton Antivirus. Norton is a respected antivirus software provider with a lot of experience in this area. It is important not to “reinvent the wheel” every time. I have, however, represented the information to fit with CyberCo branding. The graphics I have produced complement the subject matter and make it more engaging.

The E-learning Solution

The e-learning solution had to be simple, meaningful and effective. The results had to be long-lasting. We need users/learners to think about changing their behaviour. Users need to be aware of the consequences of their actions. I needed to be mindful that I was dealing with professional people with a range of life experiences. The best solution is to offer a range of scenarios.

I can set out a common situation and ask users how they would respond to that situation. The outcome options should reflect what they should do, and what they might actually do at the moment. I then offer follow-up stories explaining the outcome they’ve chosen.

For this training to achieve the learning objectives, I used three different scenarios. The first two, “Lost and Found” and “Gifted and Personal” focused on responsible use of USB flash drives. “Dealing with a malware attack” introduced users to the idea of responding to such attacks.

I chose to offer users the option of a scaffold learning experience for the first set of scenarios. Cy Borg, the helpful CyberCo training assistant was on hand to guide anyone who needed help. Cy was available to help remind the user of company policy and point them in the right direction.

The main reason for using a robot character was to offer dehumanised help. It would not have been unrealistic to have used an IT expert, an HR person, or a Data Security Officer to help. I felt these characters would bring stereotypes that could distract from the learning. Cy Borg offers a non-judgmental, factual approach to help. Users also described him as having a cute factor.

Keeping it simple and meaningful was essential. I chose to create each of the three scenarios with two steps. In the first scenario, it was set up so that the response to the first step, would create a unique second step. This resulted in nine possible outcomes at the end of the second step. While this helps re-usability and enhances exploration, it also helps reinforce correct behaviour. The behaviour is reinforced by the user’s own experience and interaction.

Instructional Design Development

  • Articulate Storyline 360
  • Figma
  • Adobe Illustrator
  • Adobe InDesign

The Project

Additional Resources

In addition to the e-learning scenarios above I also produced an updated “USB Flash Drive User Policy” and a job-aid desktop wallpaper. You can see copies of these below:

CyberCo-USB Policy Document for Clients
Desktop wallpaper outlining potential malware attacks and how to resolve them quickly

What Next?

Further Project Development

This is the first in a series of Scenario-based learning around USB Flash Drives. The aim now would be to receive user and management feedback on this first set.

Based on the feedback I would then look to develop a series of follow-up scenarios. Over time the amount of help available from Cy Borg would begin to reduce. Removing the scaffolding gradually, helps the user take more responsibility for their learning. It becomes a test of remembering correct behaviour.

Responding to changing circumstances. As time progresses, so do the CyberCo client’s experiences. As such, follow-up scenarios can address issues that have arisen more recently. In contrast to a one-time training session that would not have this flexibility.

Would you like me to help your organisation produce meaningful long-lasting changes?
Then let’s connect and discuss how I can help you.

Like what you saw?

Get in Touch

Want to see more?

Empowering Diversity

View Project
Write-up

Avoiding Malware

View Project
Write-up

Quiz-taking App

View Project
Write-up

Passport Control

View Project
Write-up