I’ve been in the business world for a few years. And in the past two decades, the forced ranking of employees has been used by most HR departments. These ranking systems have generated both great advantages and equally great disadvantage. But the motivation for implementing such competitive systems is quite clear: as humans, most of us are driven to compete. So it is theorized that this imperative can be channeled to “inspire” maximum performance while on the job.We want to be the “best” in whatever we do. This includes having the best house (or car), maintaining the best yard, encouraging the best students (or student/athletes), or being the “best” member of a great team. These kinds of systems inspire us to be the best that we can be. Such reward-based systems are nothing new in technology either. For a generation, game designers have built reward systems into their products. It is no longer just about beating the “big bad”. It is also about wearing the best armor or having the coolest spaceship. And social media systems have often devolved into follower counting or “influence” ratings.
So how can such comparison and esteem systems result in a stronger security posture?
The folks at LastPass (which is owned by LogMeIn) have been using a “security challenge” program to motivate people to be more secure than they have ever been. While such a system does not work for everyone, it has always worked for me. As a result of this system, I remained dissatisfied with being in the top ten percent of LastPass users. The test inspired me to work hard in order to join the top one percent of users. And this week, it inspired me to implement any and all recommended areas of improvement.
I’m not certain whether the aforementioned example speaks to the power of motivation systems or to a fundamental facet of my personal psyche. But for the sake of this article, I’ll assume the former while considering the latter at some point in the future. After cleaning up (and locking down) all of my credentials, I decided to turn my focus towards household vulnerabilities. And my tool of choice to evaluate vulnerabilities is Nessus (http://www.tenable.com).
I’ll probably write a follow-up article about my findings – and my subsequent actions. In the meantime, I will tell you that the very first thing which I started to do after seeing the most recent results was to triage the important vulnerabilities. I looked at the items that Tenable noted as most important. I then researched and worked towards remediation of all of the highlighted vulnerabilities. Bottom line: I was motivated to be better than my nearest neighbors. This “better than the Jones’s” compulsion is driven by my fundamental view that to be a survivor, one cannot be the slowest antelope in the herd. Consequently, I am using an incentive-based system (and some fear-based motivation) to further strengthen my security posture.
In the final analysis, I am convinced that harnessing ego rewards and highlighting real risks (i.e., letting people know of the possible punishments for not addressing vulnerabilities) are a winning strategy – if you have a company with employees like myself.
http://smallbusiness.chron.com/employee-motivation-reward-systems-15978.html