Five ways people rely on nudge theory everyday, and don’t even realize it
There’s the right way to do things, then there’s what we actually do.
Most of the time, people want to do the right thing. They want to make the right decision. And yes, that includes the people in your organization.
But even if doing something is in their best interest, things are never so black and white. People procrastinate. People forget. People get overwhelmed. People make mistakes..
That’s what makes human security so … well … human.
In other words, it doesn’t matter how much knowledge, or, ‘awareness’ someone has—without a push, or, ‘nudge’ in the right direction, it’s easy to slip up. In short, nudges can help people make better choices, both in their professional and personal lives.
And that’s exactly why security nudges are generating so much interest among security professionals. Don’t know what all the fuss is about? Register for our free webinar on the science of security nudges to find out!
As behavior change takes center stage, nudges have proven to be an effective complement to security awareness training.
They help people sidestep some of the pitfalls of the human condition, and help them make a better choice.
If you’re wondering whether what’s essentially a security message can really make a difference in people’s behavior and your cyber risk, you’re probably in good company. But what if we told you that nudges have been part of people’s daily lives for a pretty long time?
Here are five ways your people could be relying on nudge theory to influence behavior everyday.
1. SOS: Save Our Spines
Many of today’s fitness trackers feature sophisticated motion detection. We all know that sitting for hours on end isn’t great for our bodies. But when you’re hunched over your desk with that quarterly report, time just gets away from you, ya know?
And that’s exactly when your fancy watch kicks in. It’s a perfectly timed pling. A reliable way to reinforce a good behavior—standing up, and getting some steps in. Mr Burns posture averted.
And that’s basically how to use cybersecurity nudges to influence behaviors. When things get in the way, people tend to put good behaviors in the back of their minds. That doesn’t mean they don’t want to do better, it just means there might be a few other things taking priority at that moment. Well-timed prompts can push that security behavior to the front of people’s to-do lists.
2. Sat Nudge
Sat nav tech saves most of us from being unfashionably late. And, of course, we can’t forget what Google Maps has done for relationships all around the world—road trips have never been so peaceful!
Most of the time, you either know where you’re going, or you have a good idea. But there’s something reassuring about that robotic “Turn left”. And when you’re in unchartered territory, it’s a great safety net.
3. Doomscroll patrol
You know it, we know it—staring at our various devices all day is … bad. Prolonged screen time has been linked to sleep, mood, and cognitive issues. To make matters worse, more often than not, we’re sitting down while we’re at it (see: point 1).
It’s easy to keep following links down a rabbit hole. You get sucked in, and next thing you know, it’s 3 in the morning—and you have to get up at 6. Urgh. But, if you’ve had the foresight to set up app time limits or schedule some screen downtime, then you get a friendly reminder to do yourself a favor and smell some flowers or something.
The reasons people put off sleep are pretty similar to the reasons people keep postponing software updates. When a behavior seems inconvenient, it’s natural to put it off. In this case, a security nudge to turn on auto-updates, can help people stay the course.
4. On track
More of us are using time-tracking tech to keep tabs on projects and tasks. Knowing what you’ve been working on, when, and for how long isn’t just useful insight, it’s often vital. Nudge. Gone off to the roller disco but forgot to stop your tracker? Nudge.
Haven’t completed the latest security awareness training module? Nudge.
5. Smarter shopping
Smart tech is learning when to ask us stuff that might help us out. Say you use your virtual assistant to order your weekly groceries, your assistant then knows some useful things:
1. Based on your order history, you’ll be running out of coffee in about four days.
2. It would be more convenient for you to add coffee to today’s grocery list. So your assistant recommends you do just that.
In a similar light, if someone was, say, starting their onboarding, it might be the perfect opportunity to get them to set up MFA. And maybe a password manager too…
What is a cybersecurity nudge?
Okay, let’s start with the basics. Nudge theory falls under the (rather broad) umbrella of behavioral economics—the study of factors that influence decision-making.
Cybersecurity nudges are built on that theory. They’re messages, notifications, or prompts designed to influence specific security behaviors.
Security professionals can use nudges to push their people to make the right security decisions, when it matters most. So, a security nudge could, for example, encourage people to complete their security awareness training modules.
Side note: This article on nudge security is a great starting point if you’re interested in the science of it all. And if you’re as OBSESSED with behavioral science as we are, then might we suggest looking into some rock stars like Daniel Kahneman, who won the Nobel Prize for his work on the psychology of judgment and decision-making. And Richard Thaler, who literally (co)wrote the book on nudge theory.
But why bother with nudges when email is a thing? We hear ya! Look, email has served the industry well. And it’s not going anywhere anytime soon.
But relying on email for your security comms is like being at a [choose your pop star] concert and shouting up at the stage in the hopes they’ll hear you. Much like your people’s inboxes, there’s probably way too much going on for them to notice.
Nudges are designed with the modern workforce in mind. They reach people where they are, and when they’ll notice. Making communication with your on-the-go-and-juggling-too-many-apps workforce more effective.