Study: Bad Moods Lead to Bad Passwords

Study: Bad Moods Lead to Bad Passwords

Cybersecurity has emerged as one of the most significant challenges of the digital workplace. Moreover, it is an issue over which organizations don’t always have full control, as it depends to such a great degree on employee behavior. New research from the University of Delaware’s John D’Arcy shows that employees’ moods can influence their cybersecurity habits, for better and for worse:

According to the survey, employees in better moods are more likely to have a positive attitude about security and are more likely to follow policy. “On the flip side, if they’re in a bad mood, what you get can change from day to day,” D’Arcy said. “That makes it more likely that they will violate policy.” …

The team also examined what might cause some of these mood changes in the workplace, and ironically, sometimes the cause of the employees’ bad moods was the security policy itself. The research team calls this a security policy “backfiring.”

“Sometimes if they’re dealing with security requirements that they think are too restrictive or are a hassle, that can have a negative impact,” D’Arcy said. “It’s like too much security puts employees in a negative mood, which then again makes them less likely to follow policy.”

This finding may seem ironic, but in fact it makes perfect sense, because there’s nothing employees find more frustrating than workplace policies that get in the way of them getting their work done.

Read more

A Simpler Solution to Cybersecurity?

A Simpler Solution to Cybersecurity?

HR has a big role to play in facing the mounting cybersecurity challenges all organizations face today, because good cybersecurity practices depend so heavily on employees’ choices and behaviors, such as how they protect their passwords and respond to suspicious emails. To this point, Maarten Van Horenbeeck argues at the Harvard Business Review that employees fail to take on good cybersecurity habits because the rules their employers give them are unnecessarily complicated:

One of the big reasons security rules often don’t work is because they are so complex they drive people to take shortcuts that defeat their purpose. For example, password policies are so complicated and inconvenient that most employees just ignore them. Employees are told to change passwords frequently, but researchers have found that when people are required to come up with new passwords every three months they tend to do things like merely capitalizing the first letter or adding a number on the end to save time. This makes passwords increasingly easier to crack. Being creative gets exhausting when you have to do it repeatedly, yet most companies force this on employees for the sake of security.

Read more