"Psychologists tell us in order to learn from experience, two ingredients are necessary: frequent practice and immediate feedback." – Richard H. Thaler
Professor Thaler is the author of the best-selling book "Nudge" and the most recent recipient of the Nobel Prize in Economic Sciences. According to Thaler, humans are not the rational actors other economists have assumed. People don't always make the best decisions for themselves. But that doesn't mean they can't be nudged in the right direction.
Below CyberPolicy will look at Thaler's behavioral economics and how they could relate to cybersecurity education in the workplace.
A Push in the Right Direction
As mentioned above, Thaler understands humans sometimes make poor decisions, even when they are well aware of the consequences. Retirement is a perfect example. Employees know they need to set aside a certain portion of their paycheck every month to combat the rising costs associated with retirement. Yet, one in three Americans has no retirement savings whatsoever.
This is where the Thaler 'nudge' comes into play.
"The most famous application of Thaler's insight is a law that encourages firms to automatically enroll workers in 401(k) plans rather than require them to sign up," writes Fortune. "This simple nudge has dramatically increased the amount that tens of millions of Americans have saved for retirement."
And this same idea can be applied to cybersecurity. How? By nudging users and employees to make better decisions.
Instead of letting employees come up with their own passwords (which can result in shockingly weak choices like "123456" or "letmein"), companies should require all staff members to use a password manager that recommends robust passphrases. This minor change blunts common attacks such as brute-force guessing and credential stuffing.
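The nudge described above can be made concrete in an enrollment flow: the system proposes a randomly generated passphrase as the default, and any password the user types instead is screened against a list of known-weak choices and a minimum-entropy policy. The following is an added example written for this article, not CyberPolicy's code or any particular password manager's. The 64-entry word list, the known-weak sample and the 60-bit policy threshold are constructed for the demo; a real deployment would use a large published word list (entropy per word is log2 of the list size, so a 7776-word list gives about 12.9 bits per word) and a breach-derived blocklist.

```python
"""Default-strong passphrases as a security 'nudge'.

Added example (not the article's or any vendor's code). Word list, weak-list
and threshold are constructed values for the demonstration.
"""
import math
import secrets
from typing import Optional, Sequence, Tuple

# Constructed demo word list: 64 words, so each word contributes 6 bits.
DEMO_WORDS: Sequence[str] = (
    "acorn", "amber", "anvil", "apron", "badge", "basil", "beach", "birch",
    "bison", "blaze", "brook", "cabin", "candle", "canyon", "cedar", "cliff",
    "clover", "cobalt", "coral", "crane", "delta", "dune", "eagle", "ember",
    "fable", "falcon", "fern", "flint", "forge", "garnet", "glacier", "grove",
    "harbor", "hazel", "heron", "island", "ivory", "jasper", "juniper", "kestrel",
    "lagoon", "lantern", "lemon", "linen", "maple", "marble", "meadow", "mosaic",
    "nectar", "north", "oasis", "olive", "orbit", "otter", "pebble", "pine",
    "quartz", "raven", "river", "saddle", "sage", "summit", "tulip", "willow",
)

# Constructed sample of choices a nudge must never let through (the article's
# own examples plus a few others). Real systems use a breach-derived blocklist.
KNOWN_WEAK = frozenset({
    "123456", "letmein", "password", "qwerty", "12345678", "111111", "abc123",
})

MIN_BITS = 60.0  # hypothetical policy threshold for this example


def passphrase_bits(word_count: int, wordlist_size: int) -> float:
    """Entropy of word_count words drawn uniformly from a list of wordlist_size."""
    return word_count * math.log2(wordlist_size)


def words_needed(min_bits: float, wordlist_size: int) -> int:
    """Smallest word count whose passphrase meets min_bits of entropy."""
    return math.ceil(min_bits / math.log2(wordlist_size))


def generate_passphrase(wordlist: Sequence[str] = DEMO_WORDS,
                        min_bits: float = MIN_BITS,
                        rng: Optional[secrets.SystemRandom] = None) -> str:
    """The default the user is nudged toward: a passphrase that meets policy.

    Uses the OS CSPRNG (secrets.SystemRandom) so the words are unpredictable.
    """
    rng = rng or secrets.SystemRandom()
    count = words_needed(min_bits, len(wordlist))
    return "-".join(rng.choice(wordlist) for _ in range(count))


def check_user_password(candidate: str, min_bits: float = MIN_BITS) -> Tuple[bool, str]:
    """Screen a password the user typed instead of the default.

    Order matters: the known-weak check comes first because a character-class
    entropy estimate is only an upper bound and would over-credit "123456".
    Returns (accepted, reason).
    """
    value = candidate.strip()
    if value.lower() in KNOWN_WEAK:
        return False, "appears on the known-weak list"
    if len(value) < 8:
        return False, "shorter than 8 characters"
    charset = 0
    if any(ch.islower() for ch in value):
        charset += 26
    if any(ch.isupper() for ch in value):
        charset += 26
    if any(ch.isdigit() for ch in value):
        charset += 10
    if any(not ch.isalnum() for ch in value):
        charset += 33  # printable ASCII punctuation
    bits = len(value) * math.log2(charset)
    if bits < min_bits:
        return False, f"estimated {bits:.0f} bits, below policy minimum {min_bits:.0f}"
    return True, f"estimated {bits:.0f} bits (upper bound)"


if __name__ == "__main__":
    proposed = generate_passphrase()
    print("default offered to the user:", proposed,
          f"({passphrase_bits(len(proposed.split('-')), len(DEMO_WORDS)):.0f} bits)")
    for attempt in ("123456", "letmein", "abcdefgh", proposed):
        print(f"{attempt!r:>40} -> {check_user_password(attempt)}")
```

The design point is that the generated default is measured by its construction (words times log2 of list size), while a user-typed override is measured conservatively: blocklist first, then an upper-bound estimate that can only reject, never rescue, a weak choice.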
The same rule can be applied to just about any security measure within your organization.
If Equifax had used the Thaler nudge to urge its staff to keep software up to date, perhaps 143 million Americans wouldn't have had their personal and financial data leaked by the credit monitoring service.
Maybe if Dropbox had instilled the Thaler nudge, it wouldn't have seen 60 million user accounts breached thanks to password reuse.
Research shows employee negligence is the leading cause of data breaches and cyberattacks. To reverse this trend, you'll need to create a company culture focused on cybersecurity through frequent practice and immediate feedback. Regular training sessions help keep security topics top of mind. Meanwhile, penetration testing can help workers identify common red flags associated with phishing and social engineering scams.
Of course, the nudge is just that – a gentle push in the right direction. You still need to follow through. One of the best actions you can take for the health and well-being of your organization is an investment in cybersecurity insurance. This essential service will protect your company from the financial ravages of hacker attacks and data breaches. Compare cyber insurance packages with CyberPolicy today.