Summary

  • A nudge is a means of influencing behavior in a predictable way without forbidding any options.
  • Data loss prevention (DLP) solutions like Polymer integrate nudges into the daily workflow. Using artificial intelligence (AI), Polymer alerts users of risky actions and prompts them to make more secure decisions. 
  • Polymer’s in-app approach is much more effective than traditional employee security training as it provides reminders about data security in real-time, rather than relying on employees to stay vigilant 24/7.

If politicians use it, then why shouldn’t enterprises? We’re talking about nudging – a form of behavioral science. The theory behind nudging is that, by presenting information in a new way, you can gently influence people towards making better choices. 

The concept rose to prominence in the Obama administration, when Obama made Cass Sunstein, the author of the bible on nudging, the head of The Office of Information and Regulatory Affairs, tasked with using nudges to improve regulations. Together, for example, they used an opt-out approach of being an organ donor, instead of opt-in, to boost the number of registered organ donors in many states. 

As explored in a previous blog, nudging’s benefits extend beyond the political realm. The theory can be applied to corporate culture – specifically, to prevent insider data breaches and leaks. 

But how exactly does nudging work in the enterprise, and how can you use it to your advantage? 

Understanding fast and slow thinking at work

Successful nudging techniques are based on a positive manipulation of people’s actions. They either make people stop and think, so they can choose a better outcome or, as with the organ donor example, rely on people’s tendency to take the easy option.

This is all about the brain’s two systems: System 1 and System 2, as popularized by Nobel prize winner, Daniel Kahneman.  

Overview of System 1 and System 2 in the brain, as popularized by Nobel prize winner, Daniel Kahneman.  

The idea is that our brains switch between these two systems. System 1 thinks fast, and System 2 thinks slow. 

This is important to bear in mind for insider threats. Kahneman theorizes that our brains are “lazy”. We prefer to use System 1 decision-making because it’s easy and automatic. However, System 1 is also extremely error prone. At work, System 1 is what allows us to send emails to the wrong person or click on suspicious links without thinking. In fact, many cybercriminals rely on employees using System 1 thinking. They are betting on errors of judgement. 

With 60% of data breaches caused by insider threats, reducing System 1 thinking is imperative to better security outcomes. 

Applying behavioral science to your security policies: 

Below are some essential tips for reducing System 1 thinking among the workforce: 

Overview of tips for successful security training

Polymer DLP Behavioral Approach to Better Privacy

Polymer provides employee-based risk scoring based on patterns of sharing sensitive data. User nudges and warnings are designed to reinforce existing security training programs and best practices. For example:

  • Synchronous In chats such as Slack, existing phishing simulations are incorporated to train employees in being proactive before clicking.
  • Online file storage such as Google Drive, default sharing of public links is countered by framing users into private-only shares.

Polymer protects against data loss on modern collaboration tools like Slack, Dropbox, Zoom, Github and more with alerting & real-time redaction of sensitive and regulated information such as PII, PHI, financial and security data.

Further reading:

Polymer is a no-code data loss prevention (DLP) platform that allows companies to monitor, auto-remediate, and apply behavioral techniques to reduce the risk of insider threats, sensitive data misuse, and leakage over third-party SaaS apps. Try Polymer for free.

SHARE

Get latest blogs delivered to your inbox