Convincing customers to be secure is no easy task, even when it is in their best interest. Some innovative companies are exploring new ways to change behaviors without the downsides of fear and negative press, by actually rewarding their customers.
Carrot and the stick.
Nowadays, the only time customers go out of their way to change their passwords or act more securely is when they see headlines of a data breach, notified of their stolen identities, or see fraudulent charges. Such events are costly and embarrassing to businesses, but do result in many users begrudgingly changing their passwords or behaving in more responsible ways to protect their security. Companies want users to be more proactive and involved in protecting their information and access, but it is a difficult challenge to influence cooperation.
Some creative organizations are taking a different approach. They are instituting positive reinforcement and rewards to bridge the gap between how customers currently act and how they should behave to enhance their security. The Hilton Honors guest loyalty program, a travel rewards organization, is offering 1000 points to members to update their password. The Google Drive team recently offered an additional 2GB of online storage for customers completing a security checkup. This is a change in tactics and a proactive approach likely to make their customers more aware of security measures and good practices.
Although not obvious, it may be a very shrewd business decision. Cooperation between customers and businesses to enhance security is a powerful force. The nominal costs of rewards may be offset by the reduction in risks and impacts of security incidents. Beyond the fiscal responsibility, such interaction may strengthen brand awareness, trust, and loyalty. Feeling secure, in an insecure world, has many advantages.
For those who build a strong relationship, such rewards may only be the start. Savvy users can help with early detection of attacks, report phishing attempts, and alert on other indicators of compromise. Partnerships could extend to other security related areas where users are involved to define proper data retention parameters, privacy practices, and to voluntarily access sensitive services only from secured devices. Cooperation builds trust and encourages loyalty. Rewarding customers to actively engage and contribute to a safer environment could be something special and highly effective if worked properly.
Is bribing customers a bad thing? Not in my book, when it results in better education, acceptance of more responsibility, and ultimately better security behaviors across the community. So you have my vote. Good job and I hope this begins a worthwhile trend.
IT Peer Network: My Previous Posts