Behavior Change Is Hard
Cognitive biases in life and Information Security
I feel like this article is for my future teenage kids where they will tell me that they are who they are and don’t want to change.
Change is hard. It’s even hard when you don’t have one or more of these things:
Self-awareness
Humility
A goal for understanding
Willingness to learn
Change: Getting To The Root Of Will
How many times have you been a victim to a sign or post like this?
Although this may achieve the goal you are looking for if followed, it’s not terribly welcoming.
An alternative sign could be like this:
The idea is that, assuming they’re not a psychopath, any good natured person will see the impact of their actions and not want to burden someone else.
Another example is when a water company wanted to get residents to use less water, instead of asking residents to use less water to save the environment etc, they said that their neighbors are already saving water and doing a great job. Here the company used simple psychological pressure levers of guilt and shame to change user behavior1.
Sometimes change is not possible, and so that is where a technical control may come into play. I know I had difficulty changing the behavior of people turning off the light when they left the kitchen, so I ended up installing a motion sensor light switch instead!
Change In Information Security
Enter Information Security. I think there are two components here.
One, for Information Security professionals to embrace change and understand the psychology behind the work they do. Yes having technical proclivity is important, but not everything and vice versa. Your message will not be well received if you are difficult to work with. Period.
Two, the other is how to influence behaviors in others. I believe that people want to do the right thing, they just need to be made aware of it. Instead of writing rules and controls in a vacuum, show the impact of not fixing or not doing something to better communicate you objective.
Leaky Hose Story
I have a leaky hose that I’ve been struggling to get people to turn off after using (long story). Because people were not closing it after use, I had to put a towel to capture the water so it doesn't damage the wood.
Today I was about to put a sign say “Please turn off valve” but instead opted to say “<-- Leaky Faucet” instead. The hope is that they will see the note and be reminded to close the faucet. If not, I might put one more note behind it saying “will cause permanent wood damage”. Let’s see if it works.
Or I could just find the time to fix it. 🤷🏽♂️ 😀
https://www.npr.org/2015/05/05/404352534/blame-cognitive-biases-when-efforts-to-conserve-water-aren-t-effective
For me, I find it really useful and efficient to see the system that I'm a part of and how connected I am to it. By system, I mean any kind of system: humanity, work, family, community, even my internal system. In your example the system would be the family/house and you are providing your family an opportunity to see their connectedness to the system that they are a part of. Now, if they choose to turn off the water they are doing something constructive that ultimately leads to a better life for them.
It's easier to take care of your mental health when you see how directly it affects every other facet of life and how inefficient it is long term. It's easy to choose to spend time with my family when I am able to feel connected with how my presence in their life will impact them positively, which leads to a better life for me and ultimately the systems that I'm a part of. We are just part of a large system, ultimately and we should strive to have the best, most efficient system possible. Viewing things through this lens makes it hard for me to feel like I can do anything selflessly. Anything positive I do for others always pays back far more than it costs. It's a really efficient use of time!
I enjoyed this thought-provoking post.