Five sneaky ways companies are changing employees' security behavior

Stacy Collett | Feb. 12, 2015
(Hint: They’re helping you make better decisions without you realising it.)

2. The Nudge

You've been pinged, you've been poked, now prepare to be nudged. Borrowing a page from economics literature, researchers at Carnegie Mellon are experimenting with "soft paternalism."

"We're going to let you make the decision, but we're going to nudge you toward doing what we think is best for you," says Lorrie Cranor, director of the CyLab Usable Privacy and Security Lab.

For instance, one tool focuses on avoiding regret and helps social media users make better choices about their posts. As users are typing, the tool randomly selects five people from the writer's list of contacts who are about to see the post, and it shows their profile pictures on the screen. "People you may have forgotten about may pop up, and it makes you rethink what you're writing," Cranor says.

3. The Countdown

To get people to stop and think, CMU built another tool that provides a 10-second countdown timer before a post is published. "You can see it, edit it, or cancel it" in those 10 seconds, Cranor says. "We found that it was actually a pretty effective way to get people to stop and think."

Both of these tools could be very effective in the workplace, Cranor says. "You could develop a nudging tool that would be on the lookout for things against company policy and provide these hints and suggestions - 'hey, look again at what you're about to send and see if it crosses the line,'" Cranor says.

4. The Game

Using interactive gaming techniques to educate or motivate users -- otherwise known as gamification -- has shifted from customer-focused applications led by marketing to more employee-focused applications led by IT for security awareness.

These interactive software games usually rely on employees' competitive nature and involve teaching the player a particular security concept and then putting them into scenarios where they can apply the concept. The player competes against the clock and receives points for every correct behavior scored.

"We're trying to give them that similar experience that they have at work where they're multitasking and have to make quick decisions," says Joe Ferrara, president and CEO of security awareness and training company Wombat Technologies in Pittsburgh.

While some employees play to achieve their personal best scores, some companies organize contests around game-based training between individuals or groups and award prizes, says Ferrara.

EMC used an online game and accompanying Elvis-themed "Suspicious Link" video (a parody of his song "Suspicious Minds") to make employees worldwide aware of phishing scams and their impact on the company. Employees had to watch the video and then answer all questions correctly to be entered to win an iPad Air. Centers of Excellence around the globe also competed as teams to win an office party.

