Researchers have suggested that businesses can improve their information security by giving their employees – users – more options.
According to a recently published study in the Journal of Management Information Systems, security managers and supervisors could have greater success in motivating employees to act more securely by avoiding cold, authoritative commands and instead creating security messages that are relatable and provide options for how employees can better protect information and respond to threats.
The study, by researchers at Washington State University and colleagues, says that employees may fail to realize they are putting company data at risk, or have less of an interest in taking steps to ensure security, because it's not their personal data.
Researchers say that when employees feel they have a choice in how they respond and can pick what works best for them, they tend to take actions that are more secure. They recommend that information systems managers avoid messaging that is too rigid in its instruction, and instead focus on different strategies for protecting information and responding to threats.
For example: Your passwords are the keys to your digital life, and your online accounts are a proverbial gold mine for someone looking to steal your identity. Hackers often accomplish identity theft by figuring out online passwords. Regardless of how confident you are in your computer skills, you can learn how to create strong passwords and manage them using a password manager. A password manager is software that aids in keeping track of multiple passwords. We recommend using Dashlane, 1Password, KeePass or LastPass. Each of these is an adequate solution, so feel free to choose the software you like the best as your password manager.
The goal is “changing the conversation to be about a partnership,” said one of the authors of the study. “The focus should be ‘We are in this together, and you have options on what you can do to help,’ as opposed to ‘You have to do this or that.'”
Organizations can work to safeguard against security threats and encourage their employees to make better decisions by providing information and security training on a more frequent, year-round basis.