Talk to any cyber security professional and one of the first things you’ll notice is frustration. Despite all the advice out there on how to avoid phishing attacks, or choose secure authentication methods, and so on, the problems persist—people continue to click suspicious links in emails and use ‘password’ as a password. As a result, research exploring how to more effectively promote security-conscious behaviour in people is vital.
The findings of one such research project are detailed in “Psychological needs as motivators for security and privacy actions on smartphones”, part of a Journal of Information Security and Applications special issue on ‘Human-Centered Security’. Utilising in-person and online interviews the researchers attempted to tease out details of what psychological needs are being fulfilled when they engage with security and privacy features on their devices and services, beyond just the need for Security. For example, a major motivation behind the use of backups was found to be the need for Keeping the meaningful, and a sense of Autonomy coincided with fine-grained control over app. permissions. Not all responses were positive, however, with one user reporting that they allowed apps access to all permissions they requested due to not ‘see[ing them]self in the position, to switch those things off’, which inhibited the feeling of Competence.
You might be wondering: what does this means to me and my employees? The answer is that fulfilment of these psychological needs, in particular those currently underserved, may provide the means to painlessly improve your levels of workplace cyber security awareness and hygiene. In addition Mitigate, our complete internal security solution, can help you to both promote good behaviour amongst employees and monitor your rates of success (and, therefore, residual risk).
For example, the researchers write that their results ‘suggest that need fulfilment for security and privacy actions is in general low…’, and focused where it does appear primarily on the needs of Security, Keeping the meaningful, Stimulation, Autonomy and Competence. Some of the underserved needs are Relatedness—‘Feeling that you have regular intimate contact with people…’—Self-esteem and Popularity, and the authors suggest the use of ‘gamification approaches…to achieve such experiences’. A central feature of Mitigate is the ability for your employees to compare themselves, their progress and their levels of risk to one another in real time, helping to fulfil those otherwise-ignored needs and inserting a healthy sense of competition into your security regime.
In addition, Mitigate presents users with real-time threat alerts, engendering a sense of Stimulation that the authors cite as contributing to the installation of updates on mobile phones. By ‘separat[ing] security updates from other updates’ in this way, you can also alleviate the danger of ‘users who have had bad experiences with installing updates [refraining] from installing them in the future’. Finally, presenting your employees with an easy means of reporting their own security concerns, you can encourage them to become active participants in your workplace security regime, fulfilling their need for Self-actualisation.