Why end user empathy is a vital cybersecurity tool (Guest blog by Licel)
In the epilogue of his book, Influence, The Psychology of Persuasion, Robert Cialdini makes a farsighted prediction:
The faster the world becomes - and the more information we consume - the more reliant we’ll be on immediate, shortcut responses. And, as a result, the easier it will be for people to trick us.
The thing is, this prediction dates from 2009. A time when social media had begun to change our digital behaviour, sure, but long before the smartphone had unleashed a daily deluge of data demanding our attention from the other side of a screen.
It’s hard not to be reminded of Cialdini’s words when reading article after article about social engineering attacks that have conned people into clicking on a bogus link.
But do businesses think enough about this daily reality for their end users? Do they have enough empathy for the cyber risks they face each day?
In this article we’ll make a case for why they should. And we’ll explain why end user empathy is a vital cybersecurity tool.
The “immediate” device
It’s unquestionable that end users are more at risk from cyber attacks on their mobile device compared with when they’re on their laptop.
Think for a second about how you tend to use your mobile phone. What are you doing when a text message pings on your device? Perhaps you’re scrolling through Instagram at the same time. Or maybe you’re chatting with a friend on the train as it pulls into your station.
Multitasking on mobile comes second nature to us these days. But so too, unfortunately, does in-the-moment decision making. The immediate, shortcut responses that Cialdini was referring to.
We tend to be more focused when we’re on our laptops. Less distracted. And this helps to explain why bad actors are increasingly targeting us on our phones. They know there’s a better chance we’ll slip up and click on something we shouldn’t.
This is what happened to a young couple in Singapore who in a matter of minutes lost the $120,000 they’d spent 5 years saving.
The power of empathy
Empathy is about understanding. It’s about putting yourself in someone else’s shoes and seeing the world from their perspective. It’s about knowing, deep down, that what happened to the young couple in Singapore could probably happen to any of us. Even those of us who work in cybersecurity.
We’re all human beings capable of acting impulsively without waiting for that voice in the back of our heads to say “wait a second”.
Empathy is powerful not only because it shows your end users - your customers - that you care about their security. It also makes you think about security differently. It changes the way that you communicate with and educate your end users. You’re less likely to speak to them in a robotic way and are more likely to speak clearly and simply.
This is vital, because if you communicate with your end users in this way, they’ll be much more likely to listen to what you have to say and remember it. A phishing message that pings on your end user’s device is less likely to work if they remember an email you sent to them explaining why you’ll never contact them via SMS.
This clear approach can be used to offer advice to your end users to stay safe on their mobile devices, too. Things like using the latest version of the OS, using multi factor authentication and, above all, being suspicious.
If you’re an app developer, then you can also educate end users of your app about how it works and the type of personally-identifiable data it handles. The modern consumer is much more aware of data privacy, so it pays to be transparent with them if you want to build trust in the long term.
But trust doesn’t come from clarity and transparency alone. They mean nothing if you don’t also invest in cybersecurity yourself. Say you’re an app developer - your advice to end users will seem very hollow if you don’t protect your application in the first place and it falls victim to an attack.
As we like to say to clients here at Licel, protect your IP and you protect your customers. Protect your customers and you protect your reputation.
Help to shape and govern the work of techUK’s Cyber Security Programme
Did you know that nominations are now open* for techUK’s Cyber Management Committee? We’re looking for senior representatives from cyber security companies across the UK to help lead the work of our Cyber Security Programme over the next two years. Find out more and how to nominate yourself/a colleagues here.
*Deadline to submit nomination forms is 17:00 on Tuesday 18 October.
Upcoming events
Get involved
All techUK's work is led by our members - keep in touch or get involved by joining one of the groups below.
Authors
