Hacker- and cyberattacks are part of everyday life in the digital world, and I am not talking about the consequences we are currently seeing in many action and disaster movies that show us quite plainly what it means to jeopardize mission-critical systems. I am talking about simple psychological tricks everybody can fall for with huge consequences and enormous implications.

Regarding data and IT security, it is basically about the protection against identity theft and self-inflicted data loss. Every company should play through both scenarios, based on concrete data, and then decide how IT security can be guaranteed to a larger extent. At least by now it is not a question anymore, not even for small businesses, whether to invest in IT security measures, as it is commonly known that IT security isn’t a superfluous luxury, but an absolute necessity.

In order to assess the risks for your business correctly and respond appropriately, you should get an overview of the most important company values first. Once the biggest risks are identified, it is relatively easy to come up with some guidelines for IT security, which can be introduced in the form of a company agreement. In addition, there are of course the technical measures of IT security needed, such as e.g. regular server backups and updated security software.

Programming Trojan horses or hacking a computer is costly, in fact mastered easily just by a few. However, often not even much time and effort is needed. Simple psychological tricks are enough to gain access to a PC and get the password handed over, as a remarkable study of the University of Luxembourg proves. Their experiment shows how easy it is to get access to confidential data with just a "treat" and points out how low the awareness of the risk of cyberattacks really is among computer users. In fact, a piece of chocolate had been enough for almost half of the 1,208 study participants to divulge their passwords.

Bad for privacy protection: After accepting favors, we feel constrained

Participants were randomly selected and approached in the street. They didn’t know the researchers, whose only legitimacy was a bag imprinted with the university logo. Nevertheless, the respondents were willing to provide information on their dealing with computer security and even disclosed their password. Nearly 30% actually gave their password simply by request.

In a further step, the scientists built up "a relationship and trust" with a small gift - in this case chocolate – that made people really talkative. About 40% divulged their password after they had received at the beginning of the survey some chocolate. Even more, namely almost 48%, were willing to give away information freely if they had received the chocolate right before the relevant question.

For the scientists, the result wasn’t surprising, since they had applied the principle of reciprocity for the trial. It is a fact that if someone is doing us any good, we feel obliged to give something back, hence the "exchange" of password for chocolate emerged.

As the trial of the University of Luxembourg shows, small favors are enough for strangers to be able to gain access to sensitive data. For the individual, but also for companies, such psychological tricks can be dangerous and expensive, because cyber criminals have long recognized that the user is the weakest link in the security chain. Now, let’s not start thinking about what this could mean for our manipulative advertising world.

By Daniela La Marca