Seasoned IT professionals have long been aware that technology, challenging as it may be, is the easy part. Successful projects depend as much on people as computers.
Nowhere is the struggle to get employees to comply with the ‘right way of doing things’ more draining than security. Job-hopping professionals have all been told, at one time or other, to log-in with the password Freelance1, when they start a new contract. So often, the assumption is that hacking would never happen here, so security policies become an annoying obstacle to be got around in the easiest way possible.
The question is: how to get employees to use security systems to protect vital business data, without a draconian and counter-productive security enforcement policy. An answer has been proposed from the field of behavioural economics. Nudge theory has become popular with governments attempting to instigate small but important behavioural changes in the population – this could be choices around healthy eating or take up of pension plans.
Advocates of nudge theory say it works by changing the choices people are presented with, offering more information about peer behaviours, and offering positive re-enforcement for the right choices. In the chase of IT security, ask yourself how the use of more secure passwords can be encouraged. Google, for example, offers feedback on the strength of passwords with a little bar indicating how strong or weak a password is. After all, no one wants to have weak security, but they may think they don’t have time to have better security. You could offer example of the kind of problem weak security can create, say if a password is the weakest in the department. Anything that guides people to better choices can help nudge them in the right direction, without creating a backlash against IT.
In the end, some IT security polices will inevitability be locked down, and dictated to the users. But where possible it is worth considering persuading people to make the right choice by better framing the options they are presented with.