Universiteit Leiden

nl en

Escape room challenges staff to work safely online

An escape room gave staff the chance to test their knowledge about cybersecurity at work. Would they manage to defuse the bomb in time without falling for the phishing emails or causing a data breach?

In the mobile cybersecurity escape room, the participants had to crack various codes and work cleverly as a team to disable a bomb. As they searched for the codes, they had to look out for the cyber attacks. A USB stick left lying around obviously isn’t safe to use but would the participants remember this in the heat of the battle? If they plugged it into the computer, ransomware would be installed and criminals would demand a ransom that the participants weren’t supposed to pay but might do anyway.

The bomb that has to be defused.

A few minutes

A number of staff members who took part in a quiz during cyber security month last October got to do this escape room. One of them is Astrid Biesjot, management/office assistant at UBL. Her team managed to stop the bomb with six minutes left on the clock. ‘It was great fun. We first had to read a phishing mail and say how you can see it is one. That was easy because that was hammered home in the e-learning modules I followed: look carefully at the sender and the salutation, for example. We were also able to answer the questions on social engineering. That’s when someone asks questions in passing and manages to gather more and more information.’

Biesjot took the e-learning modules on cybersecurity at work through the University’s Service Portal. ‘The videos in the modules take a few minutes. You can watch them if you’ve got a bit of time to spare. They’re also useful at home. You really learn something.’

‘The videos in the modules take a few minutes. You can watch them if you’ve got a bit of time to spare.’


With just three minutes to go, the team of workshop coordinator Maria Krebbers also managed to stop the bomb. They were so immersed in the game that they didn’t realise their cybersecurity awareness was being tested. ‘Before we entered the escape room we were asked our names and dates of birth. We thought it was strange but everyone gave them anyway. You obviously shouldn’t have to do that.’

The game has made the lessons on cybersecurity at work stick, says Krebers. ‘For example, I’m even more aware that participants in our workshops, who come from all around the world, aren’t allowed to plug a USB stick with a presentation on it into one of our computers. I also always make sure to lock my computer when I leave my desk.’

E-learning modules

Cybersecurity at work is important because all Leiden University staff work with data including personal data. And all staff will face suspicious emails or other attempts by hackers to gain access to this data at some point. In the e-learning modules in the education area of the  Service Portal, you’ll learn more about identifying phishing emails, using strong passwords, why cybersecurity at work is important and what the GDPR is. Log in with your ULCN account.

This website uses cookies.  More information.