CIOs Have To Make Privacy Personal

CIOs have to realize that no worker is an “average” worker Image Credit: g4ll4is

As the person with the CIO job, it’s your responsibility to keep the company’s IT assets safe. However, this is not a task that you can do by yourself – you literally need everyone else in the company helping you to do it. Everyone who works for the company has to take steps to make sure that the bad guys can’t show up and access the company’s network pretending to be somebody that they are not. One key part of doing this is making sure that everyone is using a secure password. However, it turns out that that is harder to do than you might think.

The Problem With Passwords

Many people with the CIO job know that strong passwords are crucial protection against hackers, yet many employees still routinely use weak ones. So, how can they be encouraged to create stronger passwords? Research suggests the answer is for CIOs to make the appeal more personal. Consider the use of password meters, a common way to nudge people toward stronger passwords. They can do some good, but they can’t help every individual choose their strongest password. This is because they are designed with the average user in mind, not taking into account differences in people’s personal traits and tendencies.

It turns out that few people are “average.” People who are good with numbers might be more motivated by being shown how long it would take a hacker to crack their password, rather than presenting them with a simple “weak” to “strong” scale. Other employees might respond best to seeing how strong their password is compared with other people’s. The researchers found that the most effective password nudges are targeted with differences like these in mind. In the study, the effect of personalization was even larger than had been expected. When participants were given a password nudge that was tailored to their individual traits and tendencies, the passwords they created would have taken attackers about four times more resources and time to crack than passwords created by others who received a nudge that wasn’t personalized to their traits. The passwords selected by the successfully nudged group were more than 10 times harder to crack than those of participants who weren’t nudged in any way.

How To Motivate Your Employees

It has been found that personalized nudges did not have the undesired consequence of people creating passwords too strong for them to remember. In a follow-on study, those who received personalized nudges were as likely as the other participants to remember their passwords when asked to do so. In the experiments that were performed, participants completed a large battery of questionnaires that measured various traits, including things like how much they consider future consequences, their style of decision making and how well they deal with numbers. Each participant was then nudged in different ways to encourage them to pick the strongest password they could. These nudges included both the standard-looking password meters and also nudges designed to appeal to particular personal traits.

The results showed which nudges worked best for which profiles of individual traits and tendencies. In order to test those conclusions, the researchers worked with a fresh sample of participants who received only one kind of nudge each. When they gave individuals a personalized nudge based on their profile, it increased the strength of the password they chose, compared with those who were shown either the nudge that had been found best on average or one chosen at random. The person with the CIO job who can identify the power of personalized nudges is one step closer to broader use of strong passwords. For businesses, governments and other organizations that want to personalize their password nudges, the hard part is going to be figuring out how to gather the information needed to develop individual profiles while at the same time respecting people’s privacy.

What All Of This Means For You

CIOs can only be as successful as their employees allow them to be. What this means for you is that you are going to need the help of the people who work for you to make your company run smoothly. Securing the company’s IT assets is a key part of any CIO’s job. To make this happen you need each person who works for the company to do their part in securing the company’s network.

The first step in securing the company’s network is for each network user to create a secure password. This can be very hard to do. An effective technique is to determine what motivates a given employee and then “nudge” them to create a secure password. The best nudges are personalized nudges that have been tailored to a given employee.


– Dr. Jim Anderson Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™


Question For You: What is the best way to find out what kind of personalized “nudge” would work for a given employee?



What We’ll Be Talking About Next Time

Every person with the CIO job knows what social media is. In fact, we all probably have Facebook, LinkedIn, and other social media accounts. We use these tools during our off hours to stay in contact with people that we don’t see all the time. We browse family photos posted by people that we know and we may even upload pictures of our cat doing goofy things at times. However, it turns out that there is a downside to social media that we may not be aware of. Everything that we post on any social media platform just might come back to haunt us.