Ask Jay - JTI Chatbot

How to increase awareness and trigger a long-lasting behavioral change toward Information Security among JTI employees?

We designed a scripted chatbot to provide instant support, education, and training.

Users could ask the most basic InfoSec question without shame. They could also escalate the conversation to a real human in case of an emergency.

Role
UX strategist

Date
Nov 2018 - Jun 2019

Information Security concerns everyone in a company. However, it's hard to realize its importance until a problem arises.

How to get JTI employees to feel involved?

Challenges

  • "I forgot!"

    Employees often find it difficult to remember the learnings of an InfoSec workshop.

  • "it's outdated already"

    Cybersecurity information needs to be constantly updated to stay relevant. How to constantly stay up to date in terms of content? How to train employees to adopt safe InfoSec habits?

  • "I don't want to ask stupid questions"

    Employees have also different levels of comfort with technology, some will feel ashamed of asking "stupid questions". How to provide guidance while respecting privacy?

  • "Oh no! who should I talk to?"

    Another identified pain point was the difficulty to reach out to the appropriate support contact when security threats occur. How to provide the right support while people are under stress and need to report an incident?

Information security should be everyone’s concern, but it is difficult to understand and remember.

Objectives

🧠 Train

Create healthy habits to prevent future attacks.

💡 Educate

Make content easy to understand at different levels of comfort with technology.

🆘 Help

Provide an instant reply to a specific InfoSec question.

An intuitive, anonymous, ever-evolving tool

After some positive feedback from an initial scripted chatbot testing, we got the green light to develop the bot using Microsoft Azure Bot Service.

Bot design principles

  • Transparent

    • Set user expectations. An engaging onboarding experience that introduces the bot's purpose and functionalities.

    • The bot’s tone of voice should be friendly but never pretend to be a real person.

    • Fallback messages to answer rude queries or insults.

    • Fallback messages for unexpected queries to avoid dropout.

  • Engaging

    • Directed conversation to frame the dialogue.

    • Push diverse content formats (quizzes, GIFs, videos, images, external links) to keep users engaged.

  • Accessible

    • Control the wait time of the bot answers so that the conversation feels natural. It also gives users time to read.

    • In emergency situations, have the ability to escalate the conversation to a real human to avoid frustration.

Users could now ask anonymously the most basic InfoSec questions.

We provided step-by-step tutorials with links to video guidance.

We created some quizzes to train users to identify phishing messages for example.

I loved working on this project as it allowed us to rethink the problem of information security awareness.

Credits

Graeme Kendrew - Creative Director

Meghan Botterill - UI designer

Charlotte Golzari - Copywriter