Most security breaches can be traced back to human error, with scammers and social engineers able to exploit our good faith and momentary inattention. Applying manipulation and impersonation as tools to prompt their victims to drop their guard and reveal sensitive company information, hackers scammed employees and individuals to the tune of $26 billion between 2013-2019.
This article from Harvard Business Review outlines tactics - based on principles in psychology - leaders can use to lessen these human-centred security breaches and motivate staff to stay alert for gaps in security and emerging risks:
1. Creating a code of conduct
Having employees (voluntarily) sign a security policy will mean they feel more invested in its contents and are more likely to be compliant. The code should include measures such as agreeing that the employee will report all suspicious activity and outline where their responsibilities lie.
2. Set behaviours at the top
Senior members of staff should demonstrate and promote best practices and make
sure to exhibit security-centred behaviours such as locking their PC while away from their desk.
3. Harness the principle of reciprocity
A social rule is that favours, even unelicited ones, are often returned. To leverage this quirk of human psychology, leaders could gift employees with security tools, such as encrypted flash drives, increasing the probability that staff will remember to use them.
4. Make use of scarcity
Opportunities appear more exciting and attractive if we feel they might soon vanish. Demonstrating the benefits of security and how they risk being lost in the event of a breach, can help instil a sense of their importance. Similarly, singling out a firm’s sensitive information will make employees feel more empowered to protect it.
5. Show vulnerability
Leaders should share stories of times when they’ve slipped up, demonstrating that no one is infallible - this will help foster trust and make employees more aware of their own potential for error.
6. Use the power of influence
Senior leaders should personally instruct employees to carry out annual security training. Those in charge and seen as an authority on the subject are likely to elicit the highest levels of compliance.
Why does this matter for businesses?
With 99% of security breaches stemming from human error, companies must take measures to train and support their staff adequately. Business leaders should heighten their staff’s awareness of what is at stake and their potential for letting breaches occur. Rather than blunt instruction, employ a variety of persuasive tactics.
