Blog Post

Unpleasant Design Could Encourage Better Cyber Hygiene

By Tobias Naegele

March 23, 2018

Recent revelations that service members and intelligence professionals are inadvertently giving up their locations and fitness patterns via mobile apps caught federal agencies by surprise.

The surprise wasn’t that Fitbits, smartphones or workout apps try to collect information, nor that some users ignore policies reminding them to watch their privacy and location settings. The real surprise is that many IT policies aren’t doing more to help stop such inadvertent fitness data leaks.

If even fitness-conscious military and intelligence personnel are unknowingly trading security and privacy for convenience, how can IT security managers increase security awareness and compliance?

One answer: Unpleasant design.

Unpleasant design is a proven technique for using design to discourage unwanted behavior. Ever get stuck in an airport and long for a place to lie down — only to find every bench or row of seats is fitted with armrests? That’s no accident. Airports and train terminals don’t want people sleeping across benches. Or consider the decorative metalwork sometimes placed on urban windowsills or planter walls — designed expressly to keep loiterers from sitting down. It’s the same with harsh lights in suburban parking lots, which discourage people from hanging out and make it harder for criminals to lurk in the shadows.

As the federal government and other agency IT security leaders investigate these inadvertent disclosures, can they employ those same concepts to encourage better cyber behavior?
