Melissa Harris for MxD
Nobody likes to be told what to do – even something as simple as changing your password once or twice a year.
True for adults as well as children, and one of the key premises of one of the bestselling parenting books of all time: How to Talk So Kids Will Listen & Listen So Kids Will Talk. Lessons from one chapter in particular, “Tools for Engaging Cooperation,” have helped me prevent my toddlers from attacking each other.
But it turns out these lessons apply to any scenario where one person is ordering someone else to do something, whether that’s to use a stronger password or stop licking a lollipop that just rolled around in the dirt.
So here are the tools that the authors recommend using to get kids to cooperate, and how they apply to protecting a company from hackers.
Tool No. 1: Be Playful.
Turn a boring task into a challenge or a game. How many seconds do you think it will take to toss all your dirty clothes into the laundry basket?
Or in the workplace, which team can update their passwords the fastest? Or which team can make it to 100% adoption of two-factor authentication first?
Another idea the authors suggest: Make an inanimate object talk: “Feed me blocks!” says the hungry toy box.
Maybe that doesn’t exactly translate, but consider creating a mascot to deliver the stern lessons. (At MxD, we leave that to Deb, a grizzled factory floor veteran two years away from retirement to a Key West condo and daily prickly pear margarita.)
Tool No. 2: Offer a Choice.
Substitute choice for command. We know that using a strong password is non-negotiable, but there are plenty of options to offer. Would you rather add a symbol or a number to that password?
Tool No. 3: Put the Child/Employee in Charge.
Define the job but let the employee be in charge of the details. Why not allow employees to write the test “trick” emails that make up your penetration testing exercises. See if team members can fool each other.
Tool No. 4: Give Information.
“Stop banging on the keyboard! You’re going to break it!” vs. “Keyboards are delicate. All they need is a very light touch.”
Collective eye roll. I know. No parent would ever say “Keyboards are delicate.” But the point is that without providing information that supports cyber rules, they’re likely not to be followed when you’re not around. So share data and stories from past breaches, talk about how time consuming and expensive mistakes in this area are. Give them useful knowledge.
Tool No. 5: Say it with a Word.
There’s a lot of repetition in parenting and cybersecurity guidance. And we all tune out lectures. So here are the two options the parenting book authors shared:
“You guys left the chairs out again. How many times do I have to tell you? There’s no maid to clean this classroom after we leave.”
Or
“Chairs!”
With the single word, you assume that the kid, if you just point out the problem, will be glad to fix it. It’s quite respectful.
What if, when you see a cybersecurity concern, you just say to your colleague: “Hackers!” I’d get it.
Tool No. 6: Describe What You See.
Maybe one word won’t always do. Try to avoid an irritating command or accusation and instead say, “I noticed you didn’t have two-factor authentication when you opened your email.”
Tool No. 7: Describe How You Feel.
When speaking to your employees about these issues, do not hesitate to talk about how lapses in the past have made you feel. Or how, when your team passes a penetration test, how proud of them you are. Cybersecurity is so much about rules, but it’s also very much about a feeling of safety. Talk about how important that feeling is to the success of the company.
Tool No. 8: Write a Note.
Too often cybersecurity commands are communicated over email or during massive seminars. A hand-written Post-it note, however, might be more effective when you are seeing repeated lapses by an employee or team.
Tool No: 9: Take Action Without Insult.
With so much at stake, leaders will no doubt need to stand their ground and take action. But when you do so avoid an insult like: “I can’t believe you’re so careless!” Instead say: “I know using two-factor authentication is an inconvenience. It’s easier without it. But I can’t let you continue to use company software without it. I’m going to watch you add it now.”
According to the book, “Study after study has found that young children who are not constantly ordered around are much more likely to cooperate with simple requests from a parent — for example, cleaning up toys when asked — than children who are micromanaged and controlled much of the time.”
No doubt the same is true for employees.
Melissa Harris is CEO of M. Harris & Co., a marketing and creative firm whose clients include longtime partner MxD.
Additional resources to help prevent cyberattacks are available in the MxD Cyber Marketplace.