Why do we set bad passwords?

Jul 5, 2022

The question as to why we don’t always take security seriously comes down to the fact that we tend to favour the easy option when it comes to things like setting passwords. Why do we choose the easy option?

The simple answer is that we’re born lazy! That said, there’s a lot more involved in driving our choices when it comes to taking the easy option, especially since we’re programmed to be that way. Another way of looking at it is that we take the path of least resistance, or that we conform to the principle of least effort. Although this is regarded as a folk physics concept, it generally applies to everything. For example, electricity would never choose a more difficult route around a circuit board. Rivers go around mountains and not over them. Even the evolution of wolves into domestic dogs came about by the principle of least effort. The wolves were happy to scavenge the protein-rich food left over by humans, as it was easier than having to compete with them. Therefore, we can’t help being lazy; it’s the way we’ve evolved.

These powerful forces exist at our workplaces too. It’s far easier NOT to pull up an unproductive junior colleague for their poor work ethic; it’s easier to prioritise quick-win tasks instead of tackling more complex projects; and it’s much easier to use password123 for your network password instead of spending time thinking about a secure password strategy. In all three of these examples the principle of least effort will, in fact, lead to more effort in the long run. Not dealing with the junior colleague’s poor work ethic will result in you having to pick up the slack; not tackling the big projects will result in the same amount of work but in a shorter space of time; and not using a secure password strategy could result in the company falling foul of a ransomware attack, causing endless hours of disaster recovery and financial loss to the company.

In the same way that nature draws us towards the principle of least effort, we’re also programmed to learn from our mistakes. The big difference is that we don’t HAVE to conform to the principle of least effort just because we’re drawn to it. We’re intelligent beings and can learn from history the shortfalls of taking the easier route. We’re trusted by our employer with the security of their data and their clients’ data. It’s a huge thing to ask, and the least you can do is maintain that trust by NOT choosing the principle of least effort in creating a weak password, the thin strand between valuable data and cyber criminals. These criminals rely on the principle of least effort. In fact, around 85% of cyber-attacks are not particularly technical and are often an exploitation of humans taking the easy option. We need to push against the force that draws us towards the path of least effort; it’s our duty as trusted custodians of our own and other people’s data.

If you’re not sure where your organisation stands from a Cyber Security perspective, Cyber Essentials is a great place to start on that journey. Use the Remson Readiness Tool to carry out a FREE assessment and we’ll send you a score and breakdown in a comprehensive report.