Giving test subjects direct instruction made them more likely to fall for phishing attacks and less likely to explore the advanced features of software. Mindfulness training had the opposite effect.
You're probably doing IT training all wrong.
That's the takeaway from a series of studies conducted by researchers at Clemson University, the University of Virginia, and the University of Oklahoma. The group published a new paper titled "Technology Use: Conceptual and Operational Definitions" that delves into the relationship between mindfulness and the ways that people utilize technology. It draws on three separate studies conducted with 1,200 students, faculty, and university staff members over a 13-year period.
The practice of mindfulness encourages people to focus on the present, being very aware of what they are thinking, feeling or doing. Several studies have suggested that mindfulness can have health benefits, and this research examined how the practice might impact interactions with digital devices.
Jason Thatcher, a professor of information systems in the management department at the Clemson College of Business, explained that in one of the experiments, the researchers tested two different approaches to training people about the dangers of phishing. One approach, based on expert recommendations, included “the seven principles, or seven tells, of a phishing email.” Thatcher explained, “It was very structured.” The second group received training that took a mindfulness approach and emphasized: “Being aware. Pause and reflect, and then deciding your course of action.” If people didn’t feel comfortable, they were encouraged not to click on an email.
The participants, who did not know they were part of a study and instead believed they were receiving IT training, were next put in a field test situation where they came into contact with a simulated phishing attack as part of the IT department’s regular penetration testing efforts. Those who had received the mindfulness training were far less likely to fall for the phishing emails than those who had received the more direct instruction.
Another test examined the effect of the two types of training on software use. The researchers found that people who had received the mindfulness training were more likely to fully explore the software like Excel, seeking out its more advanced features. Thatcher said, “We found people that were more mindful were more likely to take full advantage of the feature set embedded in the technology, and they were more likely to explore new features. And they would think about new ways of applying these features to business problems.”
The researchers also quantified study participants' mindfulness using questionnaires, and in some cases, they primed subjects with images or text designed to put them into a more mindful state. In general, they found that mindfulness made people less likely to fall for phishing attacks and more likely to be innovative and creative in their use of technology.
Jason Thatcher, Clemson
That might make it seem like all IT training should embrace the concept of mindfulness and focus on broad concepts rather than providing direct instruction in how to use technology. But Thatcher said it is more nuanced than that. “It depends on what you’re trying to do,” he said. “If you’re trying to foster critical thinking, you’re probably better served by saying, ‘here are three or four principles,’ and then having people apply those principles in action.”
On the other hand, “If I’m trying to teach programming, it would be a mistake to not take people into the details. The combination is probably what you’re after.”
While it might be a good for some leaders to be as creative and innovative as possible in their use of technology, that isn't necessarily desirable for everyone. "Leaders need to be mindful," he said, but he cautioned that it might be more important for the people doing data entry to receive direct instruction in how to do their jobs and not to be encouraged to get creative.
He also noted that people need a baseline of familiarity with technology before they feel comfortable exploring software. “I think the next series of studies will examine what is the appropriate balance between creating that baseline skillset in training and then bringing in that ability to explore.”
The research also turned up two other interesting findings. First, young people were more likely to fall victim to phishing attacks than older people, perhaps because of the design of the study. Second, people appeared to be less mindful when using mobile devices than when using PCs, but the professor warned that this was only a preliminary finding and not yet fully confirmed by the research.
It seems that there is still plenty of work to be done studying the relationship between technology and mindfulness.
Cynthia Harvey is a freelance writer and editor based in the Detroit area. She has been covering the technology industry for more than fifteen years. View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.