How to break our bad online security habits – with a flashing cyber nudge

Cybersecurity threats often take advantage of this reality. Phishing emails, for instance, frequently convey a degree of urgency or time pressure. This can result in a greater risk of clicking on a malicious link and giving away personal or private information. The busier someone is, the more likely they are to act without thinking.

When people are too busy and too distracted to act securely, one way of resolving this may be to exploit their “automatic processes” – their habits, or actions they take without really thinking.

If people can be successfully “nudged” in this way, they could end up becoming substantially more resistant to cyberattacks. Research into people’s habits has highlighted that “contextual cues” (events, physical items) can help to prompt particular behaviors.

Gadgets like activity trackers use similar cues – such as vibrating when the user has been stationary for too long – to try and increase activity levels.

Prompts that attempt to encourage cyber security behaviors in a similar way are common. But these approaches often fail because people will typically cancel, ignore or work around such alerts, particularly if they interrupt another task. When people are working on a computer, they find pop-up boxes or notifications frustrating and often click “yes” or “okay” without thinking about it.

Instead, using devices external to the computer (but on the desk) can allow reminders to stay in someone’s periphery, and possibly increase the chances they will act on them. Using soft lights provides an opportunity to try and change people’s behavior in ways that are less “aggressive” or annoying.

Seeing the light
The Adafruit Circuit Playground is a small electronic piece of kit which can be programmed to display different colored lights in different configurations or patterns. The idea is that it will sit next to someone’s computer and the lights will subtly nudge the user to lock their computer screen (if they forget to) as they leave their desk.

It can be connected to a variety of sensors that detect a person’s movement, which will effectively trigger the soft lights (or a gentle sound or vibration) to come on and then (hopefully) help to encourage the person to develop a new habit, such as locking a screen, changing a password, or updating their privacy settings.

These kind of nudges can be less disruptive to a person’s workload (or current task), and effectively remind them to do something. There is evidence that gentle prompts such as these have had positive impacts on people’s behavior.

At a time when people are increasingly distracted, exhausted, and threatened by data breaches, the need to safeguard against threats is greater than ever. Exploring new approaches to “nudging” people’s behavior could be a solution that helps to reduce our vulnerability to security threats – creating safer work and home environments for everyone.

Emily Collins is Research Associate in Human Factors of Cyber Security, University of Bath. Joanne Hinds is Research Associate, University of Bath. This article is published courtesy of The Conversation.