When I saw the Digital Behavioural Design Lab event on Facebook I was immediately curious how I could participate with my skills and knowledge from studies and previous experiences. The challenge was to solve and important problem, that concerns probably everyone who uses internet-connected devices: cyber security. From my studies and personal interest I have a little background of human behaviour and people centred design, so this workshop seemed like a formidable opportunity to put theory to practise.
Having read the book Nudge I’m convinced that insights from behavioural sciences can contribute to many fields where humans don’t intuitively behave in the most rational way. However, I never thought about cyber security so far.
37 participants from the most diverse backgrounds. I grab a coffee, pen and paper, and prick up my ears for the inspiration talks given. I’m relieved that it is not sophisticated programming skills that is needed today, but collaborative brainstorming, clever combining of ideas and a pinch of creativity to fight the ultimate source of poor cyber security: the human user.
After the introduction we are equipped with our (knowledge) tools: from the cognitive pyramid over misleading online models to crucial behavioural patterns that make up most of the security problems when we are online it is the same old story: password reuse, phishing mails, lack of updates and backups and careless entering of information on webpages and of course bad firewall. We also learn that the user doesn’t need to understand a system in all its complexity to be safe and secure online. The running gang of that day: you don’t need to understand the toiled when you only need to flush.
In not more than two hours each group had to come up with at least one idea how to nudge employees of SMUs to be more secure online. We grew a jungle of notes on post-its, mind maps, charts and sketches to give our ideas form and shape. Putting ourselves in the position of the average employee who’s about to act insecure online wasn’t too difficult – we knew from personal experience how we behave in front of a screen. The truly challenging part was rather: How to tackle such behavioural patterns? How to make oneself focussed and alert, when you are ready for lunch with the colleagues, have five windows open and notification on the desktop and probably also on the smartphone. Or when you are about to type in sensible information and the phone rings and all the concentration is dragged to the conversation? The devil sits in the detail also when it comes to cyber security, one moment of distraction and the window is open for the digital thieves.
Hence we decided to work on the focussed mind of the employee. Our idea was to have an app or browser add-one that darkens or blurs background windows and also mutes notifications for the time of working with sensible information. Every now and then, the program could also send you for a quick walk down the corridor when it records a long period of work. Similar to safety-systems in modern cars that suggest a coffee break after some 2.5 hours, our solution would keep the employee focussed on what she’s doing, using appropriate UI and UX as well as gamification elements to keep it fun.
Although we never worked together, let alone knew ourselves for more than 30 Minutes, we made up a pretty good team. I think precisely our diversity spiced our ideation process where everyone had something to contribute from personal or professional experience or random knowledge picked up somewhere. Our group consisted of a consultant, a university teacher, an accountant, a system design student and me, a student of Business and Philosophy (too personal?). In the end we ourselves were surprised about our output. On spot we wrote a PDF, added some picks and were ready to upload.
To get an idea what all the other groups had worked out, each was given a minute (and not a second more!) to pitch their idea. It was truly amazing, how different the approaches turned out to be, but all of them used behavioural insights to make people more aware of the significance of digital security. There was a password wizard that told you immediately how much stronger in percent your newly chosen password is compared to the average user. Other solutions worked rather with clever UI/UX and gamification elements to make the user more alert and focused when she is about to enter sensible data.
After this, most of us were still so immersed with the topic, that we stayed a little more at Danish Business Authority and discussed our thoughts and ideas. The Digital Behaviour Lab gradually transformed in a hyggelig Friday bar with groups of people sitting and standing all around the room for a chat, discussion, new vision or exchanging business cards.
For me it was a great experience, I learned that also in IT security it is the human error which is ultimately crucial: no matter how advanced security software are, there can always be someone “leaving the door open for having a smoke”. Tackling behavioural patterns can work to prevent exactly this. People can pick up good habits, including secure online behaviour. And even better: people can be nudged so they don’t even notice or have the feeling they must study hard to be prepared for hacker attacks.
After an inspiring bachelor in Philosophy & Economics in Bayreuth Oliver now studies M.Sc. Business Administration & Philosophy at Copenhagen Business School. He is interested in how behavioural insights may help us achieve fluent, sustainable and happy urban living. Oliver was a participant in Digital Behavioural Design Lab and has inspired by the workshop decided to join Nudge Crowd to lead our social media activities and help create memorable workshop experiences for the community.
Watch the participant pitch their ideas in 1 minute
Boost the cybersecurity nudging competences in your organisation
Based on the Digital Bevioural Design Lab Nudge Crowd offer a workshop you will learn how to utilize principles from behavioral economics and develop nudge ideas to increase the IT security level in your company.
You may also want to read
Recruiting and promoting the right people is paramount to any organization’s success. However, Gender Biases continue to negatively affect successful recruitment and selection processes. S&P 500 companies have less than 20% of women on their boards and only 5% of the...read more
We have now find a winner for our first challenge sponsored by Frederikssund Municipality. Congratulations to Erin Angell, Hamsa Srikanth and Emily Crabtree for presenting two clever and cost effective ideas for how to reduce vandalism. By adopting a...read more
Looking for data to your master thesis or research project within behavioural economics? A couple of weeks ago we hosted a workshop on how to nudge clean & corporative co-working spaces. Based on the ideas from the workshop have designed an intervention in...read more