NEW YORK, NY, April 25, 2017 – When it comes to cybersecurity, you are the weakest link, according to insights uncovered by non-profit behavioral design lab ideas42. That holds true from the workplace to your home, from your personal banking data to your employer’s systems and records.
Despite public and private sector investments in sophisticated security systems, vulnerabilities remain. This is due in part to the fact that the search for answers has been heavily steered toward finding technological solutions alone. In reality, up to 80% of the cost attributed to cyber attacks is actually a result of human error — or, rather, human behavior.
In the final installment of Deep Thought, a CyberSecurity Story, released today, ideas42 addresses this technical problem in a way most people can relate to — through a story. The true-crime novella dramatizes the human factors in cybersecurity and includes a robust index of key insights from behavioral science that can be used to rethink and improve security protocols.
Drawing on insights revealed in the story, here are five reasons you are the biggest threat to America’s cybersecurity:
1. You connect to public Wi-Fi everywhere you go. Remember when connecting to an insecure, public Wi-Fi network: if it’s easy for you, it’s probably easy for “the bad guy.”
2. Security warnings have lost all meaning to you. The “habituation” effect — when we get used to something after seeing it several times — often causes you to disregard security warnings with a single click, even if they are legitimate.
3. You think (and click) way too fast. Thinking fast can get you into trouble in a variety of situations, but it’s particularly dangerous online, when one small action-opening a bad email or clicking the wrong link-can have a high cost. Is that weird email just a weird email, or is it a phishing attempt?
4. You don’t follow through on installing the updates your device wants you to install. Poor “choice architecture” — for instance, how a website or digital procedure is structured — can often lead you to defer important security steps like downloading a new security patch or updating your operating system in a timely way.
5. Your pet’s name is your password. When it comes to creating passwords, it is randomness (not your pet’s name) that is your friend. Yet common security “rules of thumb” often inadvertently lead you in the opposite direction and result in passwords that hackers can work out in seconds.
This list isn’t comprehensive — it merely underscores the real problem with cybersecurity. The most secure system in the world is only as strong as the humans interacting with it. Failing to design for how we as human beings actually behave creates the opening for security breaches of all kinds.
Aside from tips like these, the ideas42 novella includes a rich vein of behaviorally-informed insights that can help organizations design systems that work with our human tendencies, not against them. The goal is to focus on behavioral insights and solutions that can be adopted quickly and brought to scale. For a full copy of the novella and behavioral insight appendix visit ideas42.org/cyber.
The organization’s work in cybersecurity is supported by the William and Flora Hewlett Foundation Cyber Initiative in partnership with New America’s Cybersecurity Initiative.
At ideas42 we believe that a deep understanding of human behavior will help us improve millions of lives. Using insights from behavioral science, we create innovative solutions in economic mobility, health, education, criminal justice, consumer finance, energy efficiency and international development. We’re a nonprofit with more than 80 active projects in the United States and around the world and many partnerships across governments, foundations, NGOs and corporations.