Security Nudge - Locking Computer Screens

Security Nudge - Locking Computer Screens

I’ve written previously here about Thales Australia’s Internal Information Value campaign where we’ve been using ‘security nudges,’ to change people’s default  behaviours around data security.

One of the primary focus’ of the campaign has been ensuring that sensitive information is secured before people leave their desks unattended.

Often, people walk away from their computer without a second thought to the value of the information stored on their computer . Why is that? Well, it’s typically based on two factors:

  • Firstly, and perhaps most commonly, people are reliant on the automatic lock screen that kicks in after a period of time of the computer being unattended.
  • Secondly, often people believe that everyone they work with is of a good nature and wouldn’t want to access their computer if it was left unattended. While, for the most case this is probably true, it’s this trusting nature which can lead to information being accessed and then misused.
  • Finally, there will be those who want to avoid locking their computer because they don’t want to have to enter their password credentials again to unlock their computer.

This is where the ‘security nudges’ come in. If our Thales Security Officers notice that a computer hasn’t been locked and is unattended, a screen lock reminder card is placed over their monitor or laptop

The placement of card is not intended to be a reprimand or to be a formal audit rather – it’s a reminder, or ‘nudge’ of what the expected behaviour is around securing your computer when you leave it unattended.

There is definitely less risk associated with leaving your computer unlocked at work however, as ‘work’ is now more flexible and mobile, and not confined to an office, we want to make sure these behaviour changes are implemented wherever you’re working from. .



John Penn

Senior Security Propositions Manager at BT

6 年

Interesting article - thanks Ben. I think making sure that people know about the Windows+L shortcut is a good start.

Gautam Altekar

Co-Founder at Clairvoyant Intelligence, Inc.

6 年

Ben -- Thank you for the thought-provoking post. While I understand the intent is not to reprimand, I suspect the desire to avoid being so visibly carded will be the driving force in effecting behavioral change here. Would be curious to see how this approach compares in effectiveness with more subtle nudges -- but perhaps you've tried that already.

回复

要查看或添加评论,请登录

Ben Doyle的更多文章

  • Getting/Arriving to what matters most

    Getting/Arriving to what matters most

    It has been a fantastic journey and a privilege to hold such a unique CISO role for Australia for so long. In my tenure…

    193 条评论
  • Detecting Benign URLs

    Detecting Benign URLs

    I have had the pleasure of working for the last couple of years with a University of Sydney PHD researcher, Fariza…

    4 条评论
  • 20-Year Anniversary in Role

    20-Year Anniversary in Role

    CISO Thales Australia and New Zealand Today marks my official 20-year anniversary working as the Chief Information…

    107 条评论
  • AISA/RSAC CISO Boot Camp

    AISA/RSAC CISO Boot Camp

    Over the last few months, I have been working with Britta Glade from RSA Conference on building the agenda for the…

    8 条评论
  • Purposeful Language

    Purposeful Language

    One of the biggest barriers for cyber professionals when explaining the threat landscape, the controls that are…

    10 条评论
  • Create Memorable Interviews

    Create Memorable Interviews

    This is a continuation in the series of articles I have been writing on LinkedIn on the topic of approaching cyber…

  • Defining the Requirements for a Job

    Defining the Requirements for a Job

    This is a continuation in the series of articles I have been writing on LinkedIn on the topic of approaching cyber…

    5 条评论
  • Be Purposeful in your Job Needs

    Be Purposeful in your Job Needs

    I am a strong believer in the axiom, the value you get out of something is correlated with the effort that you are…

  • Job Focus vs Career Focus Hiring?

    Job Focus vs Career Focus Hiring?

    There is plenty of discussion across the Cyber security industry about the lack of available candidates for Cyber…

    1 条评论
  • Why Cyber Risk is Broken

    Why Cyber Risk is Broken

    Image if you will that you are the owner of a very successful Michelin-star restaurant. The more you put yourself in…

    18 条评论

社区洞察

其他会员也浏览了