Hook, Line & Wordle — What Wordle Can Teach Us About Cybersecurity Influencing
When you’re interested in how to influence good security behaviours it can help to learn from behaviours that have organically gone viral. Early in the pandemic, sourdough bread baking made its mark for many on their ‘New Hobbies in Lockdown’ list. Come early 2022 and the web-based word guessing game Wordle has taken the reins of what might well become the list of ‘More New Hobbies to Pass Time While Constantly Wondering Are We There Yet?’.
What Is Wordle?
In a nutshell it’s rather like the Mastermind board game of yesteryear, but online and with letters — oh and now a cult-like online following. If your social media feeds haven’t exploded with posts containing lines of random patterns of green, yellow, and grey square icons, accompanied by a simple statement like “Wordle 224 3/6”, then maybe there’s still some viral to go! Evidently the New York Times are backing the phenomenon to be around a while longer, having purchased the site for a seven-figure sum.
There is a method to the madness of these rarely used icons (honestly, did you even know they were in the emoji menu?) seeing their moment to shine. Every day a new five letter word is up for guessing on a currently free to access website. If you get a letter right and in the correct position it goes green, correct letter wrong position it’s yellow and wrong letter it stays grey. You have six attempts to use your growing intel on the letters, and their placement, to guess the word du jour. The popularity of the game skyrocketed when the creator Josh Wardle (yes, his last name inspired the game name) added the ability to share your result to your social media platform of choice.
A friend of mine recently scored a 2/6 from a one yellow, four grey, first attempt, he claimed “If 4 guesses is par, I just got an eagle”. I’d suggest it was sheer luck myself, but here’s the thing — people who play Wordle are all pretty decent it seems, no spoilers and lots of support. There are tips and talk of the best first words to guess to help optimise your chances, sympathising on a x/6 when “that was a hard one today” and “nice work” when you get a 3/6 or less. Another friend of mine even set up a Facebook group just to chat all things Wordle strategy. It seems hard core Wordlers want to share but not spoil the fun.
What Can We Learn from Wordle?
With my cybersecurity influencer hat on, I wanted to share three observations that I’ve made since being a Wordler. Maybe they can help in the quest to get people excited about a cybersecurity first culture in the workplace.
- Keep it simple, and hard enough to be satisfying.
Wordle is a simple game, delivered in a simple fashion, with simple feedback and a simple way to share results. The puzzle itself is hard but not too hard. People tend to prefer feeling clever over defeated. Cybersecurity can seem pretty complicated, mysterious, and scary to many* and there is definitely an element of genius required in the technology that keeps us safe online. However, we must not lose sight of the fact that some simple human behaviours continue to pose massive security risks. Getting people excited to be part of a human firewall forms a big opportunity to reduce risk. - Keep it interactive, it’s about the journey.
Wordle takes you on a visual journey to help you solve a problem, you’re given instant feedback like breadcrumbs that lead you to the TOAST. By keeping the process interactive we can take people on a journey to better cybersecurity behaviours, to lead them to acting SAFER online. It’s time to move away from just thinking an annual mandatory training module is enough, we need to regularly keep people informed and interested. Influencing is a process not an event. - Create conversation, community, and common goals.
People like to share, we are a social species. Wordle is showing us we like to be part of something, it’s created a sense of community. We need to make cybersecurity messaging engaging, plant seeds that get people talking amongst themselves. Billions of people are interacting online at home and/or at work and we need to come together over conversations rooted in a common goal to lower our risks online.
Cybersecurity influencers need to find the sweet spot of activities sufficiently hard to engage people whilst ultimately leaving them feeling like they accomplished something that makes them feel cleverer, and safer. Find the hook to reel people in on the journey and enable them to share. A great place to start is to check my SEEK colleague’s fabulous Open Source Cyber Scavenger Hunt!
Influence is best done in a ripple. You don’t need ‘cybersecurity influencer’ in your job description to help the cause, cybersecurity is everyone’s responsibility at work and at home.
Further Resources
The Security Collective Podcast ep #64 — The 14 Day Security Challenge with Paul De Arajo
The Human Factor in Cybersecurity
The Evolution of Cybersecurity — Human Risk Management
* In part thanks to the perpetual use of branding involving a ‘hacker in a hoodie in a dark basement full of monitors filled with, to the untrained eye, gobbledegook’. So, take this as a bonus observation from the soap box, it’s time to ditch that image, ok, please, thanks.
