Three ways Nudge Security helps counter the “forgetting curve” in cybersecurity awareness

Instead of the obligatory annual security awareness training, Nudge Security provides just-in-time interventions all year round.

October 3, 2023

I care deeply about recycling. I’ve spent more time than I’d like to admit researching the nuances of what can go where. Still, when I’m presented with the trash sorting bins at a restaurant, I probably get it wrong 60% of the time.

Why is this so hard?

It’s German psychologist Hermann Ebbinghaus’s “forgetting curve”: that pesky reality of human memory, which shows that we quickly forget a high percentage of what we learn unless we work hard to retain it. According to the curve, humans are likely to forget:

  • 50% of all new information within a day
  • 90% of all new information within a week

Yikes. So…that cybersecurity awareness training employees attend once a year? The chance that anyone will remember enough to put it into practice days, weeks, or months later, when the appropriate situation arises, is…slim.

But, what if you could provide the highly relevant, contextual information from your security awareness training to an individual at the exact moment they need it?

For an example of this from the non-cyber world, let’s head back to the sorting bins at a restaurant. On a recent trip to a local spot, I was delighted by the ingenious design of their bins.

Instead of leaving me to guess whether their utensils and other items could be recycled or composted, it was all right there in front of me, at the exact point in time when I needed to act on the information.

This is the direction we need to go to have any chance of actually changing security behavior versus just checking a box that training was delivered. For employees, security missteps often have less to do with resistance or carelessness than with the reality of the forgetting curve. They are busy, they need to get their work done, and as they go about their day they often simply forget that “Oh yeah, this is the exact moment I’m supposed to do that thing from the security training.”

But, if we can make it easy for them by delivering the right information at the right time and in the right context, we’ll have a much greater chance of influencing behavior.

How Nudge Security can help you counter the forgetting curve

At Nudge Security, we’ve consulted with leading behavioral psychologists from Duke University to research which kinds of interventions are most effective at driving behavioral change. Our product draws on the behavioral economics concept of nudge theory, enabling security and IT teams to give users a gentle “nudge” in the right direction at the moment when it’s most relevant.

We’re also constantly improving that functionality. As the industry kicks off Cybersecurity Awareness Month, we’ve just rolled out several new improvements to help our customers customize nudges to meet their specific needs. Now, you can specify who sent a nudge, personalize nudges with your company’s logo, and add a footer to your nudges with your own custom content.

Let’s take a look at three ways Nudge Security can help your organization counter the forgetting curve all year long by nudging employees toward secure behavior with targeted, timely interventions.

1. Deliver perfectly timed acceptable use guidance to employees who sign up for AI tools.

If you were to review your organization’s AI usage policy in an all-hands meeting or training seminar, chances are slim that employees would actually remember it later. Just like our trash example above, the best way to shape employee behavior around AI is to engage them exactly when the information is relevant to them.

Using Nudge Security’s playbook for onboarding new AI tools safely, you can set up rules to automatically nudge users with guidance right when they sign up for accounts with AI tools. As soon as your employees create a new account, they’ll receive a Slack or email notification sharing your organization’s acceptable use policy, so they have the information they need at their fingertips as soon as they’re ready to start experimenting.

2. Prompt employees to stick with your preferred vendors when they sign up for new accounts.

Organizations often have preferred vendors for certain types of services, whether that’s a particular DevOps tool that meets your compliance requirements, or a file sharing service that gives you a volume discount. Employees often unwittingly sign up for apps that aren’t preferred or aren’t approved at all, whether they forgot your vendor guidelines or never learned them in the first place.

Nudge Security helps you intervene when employees go rogue by nudging them with a request to switch to the app you prefer, or to submit clarifying comments requesting an exception if they have a valid business reason not to do so. You can set those nudges to go out automatically as soon as an employee signs up for an app that isn’t preferred, so your employees receive the reminder before they’ve gotten so comfortable with the new application that it’s a burden to switch.

3. Remind your users to enable multi-factor authentication—and reach them right where they’re working.

Multi-factor authentication is on every list of best practices your employees might run across (and it’s one of the themes of this year’s Cybersecurity Awareness Month). Still, it’s easy for even diligent users to forget to set up MFA for apps that your organization considers critical. The more time that passes from when your users set up an account, the less they’re thinking about changing their settings to make it more secure.

Nudge Security enables you to reach employees where they’re already working, whether that’s Slack or email, and prompt them to implement multi-factor authentication. You can even set up rules to nudge users automatically as soon as they create a new SaaS account, so they always have a timely reminder to make sure they’re following your corporate guidelines for authentication for every app.

Interested in learning more about how Nudge Security can help your team overcome the forgetting curve?
