With cybersecurity issues, it’s especially important that users understand the information provided by IT and leadership. Here are tips on dealing with the “curse of knowledge.”
The curse of knowledge is a well-known concept to those steeped in psychology, but likely unfamiliar to the rest of us. That’s too bad, as not understanding what it means and how it affects us can lead to lapses in a company’s cybersecurity.
We may not know the term, but we all have been involved in situations where the curse of knowledge has been in play. A common occurrence is when C-level executives give speeches at a company-wide meeting. C-level jargon is typically very different from that of someone operating a piece of manufacturing equipment. If the executive is unaware of that, it won’t be long before a majority of those in the audience will be zoned out due to a lack of understanding what the speech has to do with them.
Wikipedia defines the curse of knowledge as, “A cognitive bias that occurs when an individual, communicating with other individuals, unknowingly assumes that the others have the background to understand.”
“The problem is that once we know something–say, the melody of a song–we find it hard to imagine anyone not knowing it,” writes Chip Heath and Dan Heath in their Harvard Business Review article The Curse of Knowledge. “Our knowledge has ‘cursed’ us. We have difficulty sharing it with others, because we can’t readily re-create their state of mind.”
SEE: Quick glossary: Cybersecurity attack response and mitigation (TechRepublic Premium)
What can you combat this curse?
To beat the curse of knowledge, the Heath brothers suggest using concrete language, as well as storytelling. A story format is a great way to illustrate something complex. As to why, the Heaths and other experts believe storytelling forces the use of understandable language and concepts.
To explain, the brothers enlist a story used by FedEx training departments. The story describes a FedEx driver who so firmly believed in the slogan, “‘absolutely, positively’ arrive overnight,” that when her truck broke down, she persuaded a competitor’s driver to take her to her last few stops.
“Stories like this are tangible demonstrations of the company’s strategic aim to be the most reliable shipping company in the world,” writes the Heaths. “A new delivery driver can use the story as a guide to behavior: ‘My job is not to drive a route and go home at 5 PM; my job is to get packages delivered any way I can.'”
SEE: Quick glossary: Cybersecurity attacks (TechRepublic Premium)
How does this pertain to cybersecurity?
For any issues pertaining to cybersecurity and surviving a cyberattack, it’s paramount that everyone at your organization share a common understanding of cybersecurity strategies and use language that is understandable by all when discussing the relevant technology and policies. That’s the goal at least. Sadly, there are far too many examples of the opposite being true.
When you have a tech issue, who do you prefer to ask for help and why? For example, let’s say you prefer working with Karen and not Mike. Karen understands this is not your field of expertise and explains what happened and what to do in comprehensible terms. On the other hand, Mike may be thoroughly familiar with what’s wrong, but he usually explains why and what to do in language that only computer technicians understand.
It is easy to see that Karen avoids the curse of knowledge, whereas Mike does not. I suspect that with a little effort and awareness about the language he uses and how he presents the information, Mike also would be someone you did not mind working with.
A wise mentor once said, “Just remember, without the employees you are supporting, you would not have a job.”