The Broken Cyber Windows Theory, introduced by social scientists James Q. Wilson and George L. Kelling in 1982, suggests that visible signs of crime and antisocial behavior encourage further crime and disorder.
But what does this have to do with cybersecurity? There is more than you might think.
The cybersecurity parallel: Neglected digital environments
In many organizations, cybersecurity awareness feels like a losing battle. Employees ignore security policies, download unapproved software, and use weak passwords.
It’s as if our digital environments are full of “broken windows,” signaling that it’s a culture where no one really cares about security.
Traditional approaches often focus on punitive measures or dry, technical training that fails to engage employees.
It’s like trying to reduce crime by simply increasing fines, without addressing the underlying issues that make an area feel unsafe or neglected.
Applying the Broken Windows Theory to cybersecurity
Just as fixing broken windows and cleaning up graffiti can reduce crime by fostering a sense of order and care, we can apply similar principles to our digital environments:
- Create a culture of vigilance: Encourage employees to report potential security issues, no matter how small. This is like neighborhood watch programs for your network.
- Address small issues quickly: Respond promptly to minor security infractions. This shows that security is taken seriously at all levels.
- Improve the “look and feel” of security: Make security tools and processes user-friendly and aesthetically pleasing. A clean, well-designed security interface is like a well-maintained storefront.
- Celebrate security wins: Publicly recognise employees who spot phishing attempts or follow good security practices. It is akin to community awards for neighborhood improvement.
Practical steps for implementation
Conduct a digital environment audit
Walk through your organization’s digital spaces as an average user would. Where are the “broken windows”? Look for outdated software, clunky security processes, or confusing policies.
Implement a “see something, say something” program
Create an easy way for employees to report potential security issues. Make it as simple as sending a quick message or clicking a button.
Redesign security communications
Transform your security awareness materials. Replace dense text with infographics, short videos, or even memes. Make security information as engaging as a well-designed public space.
Create security champions
Identify and empower individuals across departments to be security advocates. These champions can help maintain a secure “neighborhood” in their area of the organization.
Regular “digital community” events
Host regular cybersecurity events that feel more like community gatherings than lectures. Think cybersecurity fairs, hacking demos, or even escape rooms with a security twist.
The path to a strong security culture
By applying the principles of the Broken Windows Theory to cybersecurity, we can create digital environments where security feels natural and everyone plays a part.
It’s not just about preventing breaches; it’s about fostering a community where secure behavior is the norm.
As we move forward, let’s reimagine our approach to cybersecurity awareness. Instead of building walls and enforcing rules, let’s create digital neighborhoods where everyone takes pride in keeping things secure.
Every fixed “window” in your digital environment is a step towards a more secure future. So, let’s roll up our sleeves and start cleaning up our digital streets. The neighborhood and your data will thank you.
Javvad Malik is the lead security awareness advocate at KnowBe4
