Social Engineering Blogs - Page 319 of 559 - An Aggregator for Blogs About Social Engineering and Related Fields

The Influence People Blog April 28, 2014

Restricted Freedom and Persuading Others

Recently on a flight home from a training session I did what I normally do on a Southwest flight – I grabbed the first available aisle seat upon boarding. After I settled in, the flight attendant asked if I wanted to move back a row. She was in the emergency row and reminded me I could not recline my seat. I declined because I normally don’t recline my seat anyway.A few moments later I began to regret my decision because the thought crept in, “What if I want to recline?” Suddenly having my freedom restricted caused angst even though the restriction was on something I hardly ever do. Scarcity was at work on me! This principle of influence tells us we want things more as they become less available and it doesn’t just apply to goods and services; it applies to our freedom of choice.A good bit of scarcity’s work on our psyche has to do with not losing out on opportunities because that restricts our freedom. If you’ve raised kids undoubtedly you’ve seen this. Isn’t it the case that more often than not they want whatever they’re not supposed to touch, taste, smell, watch, listen to or play with?That doesn’t go away as adults. The moment someone tells us we can’t do something there’s a natural impulse that rises up in us, “Who are you to tell me I can’t…?”As persuaders, we’d do well to remember this because there are times when our well-intentioned communication backfires because our restrictions only make the other person want the restricted thing even more! There are times when we’d be better off taking a wait and see attitude rather than jumping in with a command – don’t, you can’t, you’d better not, etc.If you have to make such statements you’d do well to help the other person internalize why the restriction is actually in their best interest. This taps into the principle of consistency. People typically don’t resist their own beliefs, values and reasons, so helping them form those will go a long way toward them believing the restriction is actually good for them.Here is a very personal example. As a parent I believe it’s in my daughter Abigail’s best interest to abstain from sex for many reasons. But those are my reasons not hers and that means they might not last very long. When she was a freshman in high school she met a nice guy who was a senior and although they were not “boyfriend and girlfriend” they were more than just friends. A short time after going to college he said it would probably be best if they didn’t keep going like they were and Abigail was crushed. Perhaps you can remember the feeling from your first love.Sometime after that Abigail and I were driving somewhere and the subject of sex came up so I asked her, “Why do you think it’s wrong to have sex before marriage?” Right away she said, “Because the Bible says so.” So I asked, “Why do you think the Bible says so?” Immediately she replied, “Because God says so.” I probed more, “Why do you think God says so?” She was stumped so I asked, “Remember how bad you felt when he broke up with you? All you did was hold hands and have intimate conversations. How do you think you’d feel now if you’d given yourself to him?” I could see from the look on her face that she got it in the deepest part of her being.I went on to tell her when God, the Bible or her mom and I ask her to refrain from things it’s not because we don’t want her to have fun. On the contrary, we love her and want her to love life and enjoy it to the fullest! With more experience under our belts we know the pitfalls of the decisions many teenagers make. We talked more about sex, marriage and relationships and as we did so she was generating her own reasons for her behavior.Will she always do what her mom and I think is best or right? No, but then again, we’re not the final arbitrators on right and wrong, good and bad. And it’s been interesting to watch her grow up and make choices at her young age that are far better than we made at that age…and perhaps well into our 30s.So the takeaway for you is this – be careful about what you restrict and how you go about it. When you do have to make certain restrictions be sure to help the other person generate their own reasons because that will lead to better, longer lasting behavior.P.S. I wrote this during the flight home and not being able to recline was a non-issue.Brian Ahearn, CMCT® Chief Influence Officer influencePEOPLE Helping You Learn to Hear “Yes”. Cialdini “Influence” Series! Would you like to learn more about influence from the experts? Check out the Cialdini “Influence” Series featuring Cialdini Method Certified Trainers from around the world.

The Social Influence Consulting Group Blog April 27, 2014

A lesson from Dr Seuss

Sr Seuss On a bet from editor Bennett Cerf, Theodor Seuss Geisel, better known as Dr Seuss, was challenged to write a book using just 50 words. Not one to shy away from a challenge Dr Seuss used exactly 50 – not more not less. In that master stroke Dr Seuss won the $50 bet, which Cerf never paid, and the book Green Eggs and Ham went on to become one of the most acclaimed children’s books of all time.

The 50 words, by the way, are: a, am, and, anywhere, are, be, boat, box, car, could, dark, do, eat, eggs, fox, goat, good, green, ham, here, house, I, if, in, let, like, may, me, mouse, not, on, or, rain, Sam, say, see, so, thank, that, the, them, there, they, train, tree, try, will, with, would, you.

But what has Green Eggs and Ham got to do with influence?

Marcus Tullius Cicero, philosopher and statesman said,

“If I had more time, I would have written a shorter letter.”

Often we sit down and type an email because it’s faster. But is it really?

We type, edit, reedit and often times it becomes a work of art. One you are proud of, confident you have covered all of the necessary points. But it doesn’t have the impact you had hoped. Why not? Are the recipients daft! Can’t they see how well crafted this email is. The blood sweat and tears you have poured into it, just to make it perfect.

Or you take weeks creating the perfect presentation for a pitch, briefing or proposal. You focus on the technical aspects, provide the best graphics and on presentation day – it falls flat! WHAT?????

In short, you are over cooking it.

Too often we forget to ask ourselves the most important question first.

Who is my target of influence?

Then we need to ask

What do they know?

What don’t they know?

What do they need to know?

So coming back to Dr Seuss. Writing simply is not as easy as it sounds but the impact is dramatic when done well.

The same can be said for presentations.

Focus on the target of influence and remember it is the small things that can make a big difference.

Ask questions and listen to the answers. Align your presentation to the commitments the target of influence has previously made. Show them what people like them are doing. Show them you have shared goals with them and want to cooperate because you like them. Give the gift of your knowledge and expertise but don’t over do it; the gift of listening and being truly present may just be the critical difference. Don’t beg and show them what they stand to lose especially if they do nothing.

In short; keep it simple but focused. Choose the appropriate method of delivery and keep it simple.

Dr Seuss only used 50 words and yes Sam-I-am got his unnamed co-star to try green eggs and ham but it is not a simple text to read.

Sometimes the best email is a phone call, the best presentation is a conversation, the best persuasive text is not more than a couple of well thought out and well delivered lines.

I am often guilty of overcooking it and one line that I remember and practice daily is

“Get it down and then get it great”

This line is not mine. It belongs to Paul Jones, copywriter and Persuasive Writing guru at Magneto Communications. Paul runs a number of Persuasive Writing courses and would encourage you to look him up.

If you have some examples of where you have overcooked it don’t be scared to share and let me know what you have learned as a result.

Any yes I could have summarized this entire post by saying “Keep it Simple” but that is not something Dr Seuss would say now is it!

The post A lesson from Dr Seuss appeared first on Social Influence Consulting Group.

The Security Dialogue Blog April 26, 2014

OPINION: Why Does It Suck To Think Like A Good Guy In Security

Day after day, on social media and elsewhere on the Internet, there are lots of folks who are seemingly shocked every time a bad guy shows up and acts like a bad guy. Seriously, how many times have you read or seen “I can’t believe Suspect A was able to murder all of those people” or “If only they (security) did XYZ like I thought of during a conversation with my veterinarian who may have been in the military, that bad thing wouldn’t have happened”? I see it quite a bit and frankly, I’ve decided it may be time to finally add my .02 about it.Those of us in security who have spent some time studying “the threat” (insert whatever scary bad guy you’re dealing with) understand what few who haven’t studied it don’t. No matter how awesome your protective measures are, they do little to mitigate (and certainly not “prevent”) the attacker unless you start thinking a bit like they do. Herein lies the fatal flaw of most “white hats” and even some “grey hats”.You think of attacks in ways that you would conduct them. No offense but if you’re protecting yourself against robbers but know relatively little of them, you may be looking to deploy solutions which don’t work against that threat. One of the most painful things any security professional can hear when doing a site survey with a client from the client is “If I were the bad guy, this is how I would do it.” More often than not, it is not how the bad guys would attack. Think security cameras in homes. Most people will deploy a camera at home with the thought the camera provides an extra layer of protection when in fact it doesn’t. I have known several victims of home invasions who either had cameras installed or had an alarm sign out front. These are two commonly deployed deterrence tools that we know don’t work. Instead, focus on the problem as if the bad guy would ignore the deterrence measures (because he will because we have little proof he won’t) and proceed with the attack and use things like cameras as after-incident mitigation tools to catch the perpetrator later.You think of your threat as one-dimensional. Most good guys see their threat based on commonly accepted precepts of what the threat is and how he has attacked in the past. Just because the bad guy only hit you or the other guy using one vector doesn’t mean he won’t try something different later. A great example of this is 9/11. Prior to the second World Trade Center attack, there were common beliefs that terrorists were only capable of performing certain kinds of attacks. What no factored in was changing realistic threat capabilities. In other words, we assumed the threat wasn’t evolutionary in his tactics. Seriously, who could’ve imagine having to protect a building against two near-simultaneous aircraft crashes? Perhaps we could have had we accepted the idea that as we change so does the threat.You think the threat is omnipotent and omnipresent. It’s easy to get caught up in the hype of a threat. I do it sometimes. This is a natural defense mechanism after an attack has occurred. Why? No one likes to have their vulnerabilities exposed. After every mass shooting or act of violence that makes the news, we assume every venue that is like the one that was attacked is also vulnerable and being selected as the “next” target for another perpetrator.I remember fondly working on 9/11 on a small Air Force base on a perimeter patrol. What I recall the most are the initial attitudes people had of al Qaeda. We believed this one attack displayed a level of sophistication unseen by them before on US soil could be replicated on a massive scale. Every Muslim, ignorantly, was assumed to be a sleeper agent waiting for cues from “Muslim HQ” to attack us wherever and however they chose. The months and years ahead showed how far from the truth that was. Imagine how many countless resources were expended before we realized the fallacy behind this assumption.You think your attacker “chose” you for a variety of reasons he didn’t. People almost always assume an attacker chose to attack them or others for reasons they didn’t. Rape is commonly thought to be a crime of lust because good people believe sex is the only reason you rape because it’s the end-result. However, most criminologists and psychologists would agree rape is a crime of power. I would argue the majority of crime takes place for this very reason. Terrorism occurs because of this as does murder (what’s more powerful than ridding yourself of someone permanently), drug dealing, fraud, and a host of other crimes. You’re either fighting to obtain it (i.e. steal it from someone else) or committing crime to become more powerful. This confusion could possibly explain why most crime “prevention” measures based on policy fail at alarming rates – we’re clueless on what truly motivates people to attack us.You assume because you haven’t seen the threat, he must not exist. Whether we see the threat or not, we should never assume he does not exist. While the threat can’t be everywhere every time, the threat can still be very much. Never assume the absence of threat means he or she isn’t going to show. You still need to adequately protect your assets as if today is the day you’re going to be attacked. Remember, the attacker chooses the time of attack. You choose how well-prepared you’ll be when it happens.I’m not proposing anyone go out and hire a red team. I firmly believe one of the reasons we, often, fail so miserably at security sometimes is due to our natural inclination to think the bad guy thinks like we do when they don’t. So how can we fix this?Study your adversary. Seriously, pour over any open source intelligence you can on your threat. Read the paper and look for crime stories. Pick up a police report or two on similar venues like yours. I’ll leave how you conduct your research to you. Just do it. Stop assuming blindly how the attack will go down or even who your adversary is.Consider hiring folks who can think like attackers. I’m not saying you hire criminals but red teams hire specialists who can mimic attackers. Choose folks from a variety of backgrounds to round out your security team. By the way, by “background”, I’m not talking education. I mean pick a team with a variety of specialists.Test your systems with exercises. The only way you’re going to learn is by testing how well your security program holds up against an actual attack. Consider doing this with little to no notice and have an after-action or “hot-wash” debriefing with your red team and affected staff right away. Finally, fix the vulnerabilities as soon as possible.Reward outside the box thinking. When I was a young boy, I recall my fondest memories were playing games like “hide-and-go-seek” with my friends. The guys who were the most creative were the best at this game. Why? Because they were unpredictable. I’ll leave how you choose to reward these folks on your own. Just do it.