Ask Jay - JTI InfoSec Chatbot

JTI was worried about the increasing risk of cybersecurity within the company, so they asked our agency to work on a question. How to increase awareness and trigger a long-lasting behavioral change toward Information Security among JTI employees?

We designed a scripted chatbot to provide instant support, education, and training.

Employees could now ask the most basic InfoSec question without shame and escalate the conversation to a real human in case of an emergency.

Role
UX strategist

Date
Nov 2018 - Jun 2019

Information Security concerns everyone in a company. However, it's hard to realize its importance until a problem arises.
How could we get JTI employees to feel involved?

Challenges

  • "I forgot!"

    Employees often find it difficult to remember the learnings of an InfoSec workshop.

  • "it's already outdated "

    Cybersecurity information needs to be constantly updated to stay relevant. How to constantly stay up to date in terms of content? How to train employees to adopt safe InfoSec habits?

  • "I don't want to ask stupid questions"

    Employees have different levels of comfort with technology. Some feel ashamed of asking "stupid question". How to provide guidance while respecting privacy?

  • "Oh no! who should I talk to?"

    Another identified pain point was the difficulty to reach out to the appropriate support contact when security threats occur. How to provide the right support when people are panicking and need to report an incident fast?

Information security should be everyone’s concern, but it is difficult to understand and remember.

Objectives

🧠 Train

Create healthy habits to prevent future attacks.

💡 Educate

Make content easy to understand at different levels of comfort with technology.

🆘 Help

Provide an instant reply to a specific InfoSec question.

A scripted chatbot!
An intuitive, anonymous, ever-evolving tool

After some positive feedback from an initial scripted chatbot testing, we got the green light to develop the bot using Microsoft Azure Bot Service.

Bot design principles

Transparent

  • Set user expectations. An engaging onboarding experience that introduces the bot's purpose and functionalities.

  • The bot’s tone of voice should be friendly but never pretend to be a real person.

  • Fallback messages to answer rude queries or insults.

  • Fallback messages for unexpected queries to avoid dropout.

Engaging

  • Directed conversation to frame the dialogue.

  • Push diverse content formats (quizzes, GIFs, videos, images, external links) to keep users engaged.

Accessible

  • Control the latency of the bot's answers so that the conversation feels natural. It also gives users time to read.

  • In emergency situations, have the ability to escalate the conversation to a real human to avoid frustration.

Part of the bot script architecture

Prototype created using Chatbots Life

Video tuto

We provided step-by-step tutorials with links to video for guidance.

Gamification

We created some quizzes to train users to identify phishing messages for example. In the future we had the idea to gamify the InfoSec to improve good habits learning.

Key takeaways

I was very excited to design a simple scripted chatbot. I learnt a lot during my research and had a lot of fun creating the bot personnality.

I had a real challenge trying to prototype how the chatbot will feel like with the tools available at the time.

Overall it was very fun to collaborate with other creative minds on the project.

We heard great feedback from the brand employees and I guess this is why I love what I do!

Credits

Graeme Kendrew - Creative Director
Meghan Botterill - UI designer
Charlotte Golzari - Copywriter

← Previous
Next →