9 Ideas for Cyber Security Awareness Month
If you own, run, or work at any sized company–with the threat landscape today, you should be thinking about the company's cyber security strategy....
Cyber security leadership is in a bind. How do you create a culture of information security amongst your staff that not only influences behavior in the office but everywhere else too?
It’s far more difficult to influence a person’s intrinsic sense of right and wrong by organizational governance if elements of that governance conflict with the basic cultural values instilled during childhood.
And what’s more, effective cyber security isn’t only about behaviorin the office anymore. In our always-on, everything-connected world, what your staff does at home and online in their personal time, dramatically impacts the susceptibility of your organization.
“I think most people would agree that extending the scope and detail of organisational governance to dictate behaviour 24x7x365 for all their employees everywhere is not reasonable, nor would it be received favourably if it were even legal.” Kathryn Brett Goldman CEO and Founder, Cybermaniacs
It’s all well and good to talk about “creating a cyber security culture”, but how do you create a cyber security culture in each of your employee’s homes and their surrounding community?
Well, that’s a problem with a different order of magnitude. But you have to tackle it. You can’t simply say, “Right, we’ll govern their behavior at work and on work devices, and that will keep us safe.”
The intersections between family activities and work devices or work e-mails and personal devices, are too many to ignore.
Marketing and advertising science can offer clues as to where we go next in terms of compelling people to change their behaviors to be more cyber-safe. When they want to change someone’s behavior, usually to compel them to buy more, switch brands, or sign up for a service, they tailor their message to their target demographic.
They learn all about the needs, interests, desires, fears, and trigger phrases that compel that target demographic to act. Then they shape their messaging to hit all those hot buttons and sit back and wait for the results. The good news is they’ve been doing this type of experiment for decades and there is oodles of data out there about how to shape your messaging to influence certain types of people.
“But wait!” I hear you cry. “There are all kinds of different people in my organization, from all types of cultural backgrounds. I can’t possibly a message that caters to all of them! Dammit, Jim, I’m a cyber security professional, not a marketing guru!” First of all, stop calling me Jim. Second of all, you are exactly right.
You can’t shape a single message style and tone to fit all people. So why then have you continuously rolled out the same cyber security training, with the same “harbinger of doom” tone and the same warnings about the coming apocalypse of hacking hell ready to rain down on our heads if we don’t increase the complexity of our passwords….EVERY….SINGLE…FREAKING….TIME you communicate about cyber security awareness?
All the people in your organization who respond well to warnings about future problems and react to a call to arms to defend the perimeter against the invading hacking hordes have been reached. They’re good. They’ve got it. The media has created a tailwind for us with those people. They are locked down and ready to rumble.
But what about other people that scientifically in cultural and sociological studies have, without a shadow of a doubt, been PROVEN to respond to more positive messaging? What about those people? Well, you need to seriously think about changing up the messaging and changing the tone.
How about working to empower people, make them feel part of the solution, part of a winning team? Try to, (dare I say it?…dare I must…) make them laugh and feel good about engaging with cyber security best practice behaviors. That’s right. Lighten up, Francis. Tell a joke or two and you just might reach another cohort of people in your organization and land your message. Just make sure you tell good jokes….
…. haven’t got any of your jokes? Maybe we can help.
If you own, run, or work at any sized company–with the threat landscape today, you should be thinking about the company's cyber security strategy....
10 min read
GAPS iN cYBER sECURITY rEMAIN oNE oF tHE mOST cHALLENGING iSSUES fOR smALL bUSINESS OWNERS Small businesses bear 43% of the brunt of cyber-attacks,...
6 min read
Inconceivable! In Rob Reiner’s masterpiece, The Princess Bride, Vizzini distinguishes himself by repeatedly denying that the events ultimately...
7 min read