Punishment is evident in all aspects of our lives, in everything from getting drivers to stop speeding to getting the dog to not bark at the mailman. Because of this, it is no wonder that several people turn to punishment when wanting to change user behavior. While punishment is a very powerful tool that can produce almost immediate change in behavior, it is very hard to control and very hard to maintain. For these reasons, I rarely recommend using punishment when …
Imagine that you are the head of security awareness at an organization (not a stretch for some) and have been charged with getting people to report issues to the help desk. You decide, in your infinite wisdom, to encourage them to report issues to the help desk by giving them $1 each time they report a valid problem. The week after implementing the new reward program, the number of issues reported to the help desk has increased 100-fold. You …
For those who have been around, you probably know that social engineering (and especially phishing) is one of my favorite topics. I’ve done a lot of it myself, and I’ve done as much research on the topic as pretty much anybody. This year at RSA, I’m especially excited to get to sit on a panel to talk about user security and social engineering. This one’s especially fun because it’s being moderated by Tim Wilson, who’s one of the editors over …