Abstract

Every day, new types of attacks are being developed with companies as their targets. If employees are not aware of the consequences and tactics of such attacks, they cannot protect the companies that employ them. Current teaching methods, such as lectures and videos, may not adequately prepare participants in security-related courses for real-life situations. To raise awareness about computer security, teachers and students of l'Instititut National des Sciences Appliquées de Toulouse developed two escape rooms with different approaches to the same goal: raising awareness. Players learn how to reduce risks from computer attacks during hour-long real-life simulations. Choosing strong passwords and spotting phishing emails are just a few of the habits our escape-room scenarios can instill in participants to mitigate the damage of hacks and social-engineering attacks.