Simple Secure


Imagine a banner hanging over your head with your motto on it. What would it say? Mine says "Simple Secure". This is my mantra when it comes to IT security. In my opinion, every IT security solution should be tested for simplicity. If it's not simple, it's not safe.

This is because we all share a bias that makes us choose the easiest and most direct solutions. This bias is called the "path of least resistance", and it describes our tendency to prefer easy, manageable options. Think of bureaucratic processes and cumbersome workflows, for example. There are probably many things you avoid simply because they are complex and cumbersome.

Our users feel the same way. If we design our security solutions to be complex or to require many clicks, users will find a way to circumvent them. Therefore, we must prioritize simplicity in every solution we build when working with IT security and nudges.

Here are some examples of implementing the Simple Secure Principle in your work as a security professional.

  • Provide users with a password manager to easily manage complex passwords.

  • Make it easy to work safely when you're travelling or working from home.
    For instance, you can ensure the VPN client starts automatically when the PC is disconnected from the company's Wi-Fi. Additionally, you can have the verification code appear on the phone without the user having to lift a finger. That's pretty neat, isn't it?

  • Provide step-by-step instructions and avoid sending too many messages at once. Also, use as little technical jargon as possible. Complicated instructions make a process seem more complex than it actually is.

  • Make reporting phishing easy by implementing a "phishing button" for one-click reporting of potential phishing emails.

Try reversing the principle and introducing a bit of "friction".

You can also flip the principle and introduce friction into the unwanted behavior. This means making the wrong and risky behavior as inconvenient as possible. For example, you could show the user a pop-up when they attempt to save a file to the old file share instead of the new document management system. Or you could prompt users every time they use an unapproved file-sharing service.
Then you fully leverage the Simple Secure principle by providing, right in that prompt, a direct link for requesting an approved external file-sharing site.
