It’s just science: Users don’t pay attention to security messages

Thanks to a recent study, scientists may have confirmed what those in IT have long known: Users will most likely ignore security prompts that pop up on their screens. 

By taking MRIs of users exposed to warning messages, researchers showed that after just one repeated warning, users’ visual processing took a precipitous drop. After several repeated warnings, the effects were even less noticeable.

Put simply, if they see a pop-up warning, they might pay attention the first time; each subsequent time, not so much.

Keep it fresh

These findings will be reported at the upcoming Association for Computer Machinery CHI 2015 conference. But here’s where we break from the scientific findings and expound on the topic as a whole.

The truth is that any security message you get out there has a limited shelf-life. Threats change quickly. Even evergreen topics like phishing emails undergo myriad changes that make them more and more difficult to nail down

And the killer security presentation you made last year will go completely unheeded this year if people feel like they’ve heard it all before.

Mix it up

The best security messages are:

  • Delivered through various channels. An annual security meeting in a classroom won’t protect users year-round, but a weekly email on security could also be deleted. Use every tool available: in-person meetings, talks with individual departments, emails, quizzes, interactive sessions, classroom training, etc. If the message comes in a variety of ways and from different people, users are more likely to absorb the info.
  • Tailored to your people. Training on security won’t be one-size-fits-all. For it to be a success, you need to start by knowing what level the information you present should be on and then give a wide variety of security advice that fits that level of understanding. There could be tiers of information for more or less security-aware users.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy