In short, the purpose of a good cybersecurity awareness program is very simple: to allow people to make better risk decisions. That sounds great, but achieving it can be something else altogether.
Awareness is not enough
I’m at that stage of my life where family, friends, doctors, and social media influencers tell me that I should exercise regularly and watch what I eat. I usually nod, but that’s it. This is a challenge for many awareness programs: making someone aware of the problem is not enough to stimulate behavioral change.
This is where understanding human psychology, how it works, and how to introduce some of its concepts into cybersecurity awareness training can make a big difference.
What to learn from marketing psychology
Manufacturers approach products from two main angles. They ask people what they want and then create the product. Or, most commonly, they find a way to create a product and convince people that it is what they need. That’s where marketing comes in. In that respect, marketing is as valuable as manufacturing innovation.
Showing the value of security to employees and explaining why it is beneficial to participate in awareness programs is essential for incorporating real-world behavioral changes within the organization.
Experience is important
Consider a car when planning an awareness program. A car is primarily a means of transportation, but travel speeds are limited.
If you can’t speed up your journey, you can increase the comfort in your car and create a more enjoyable experience. If your family car can provide a tablet, Wi-Fi, and a charging port, it doesn’t just put an end to the “Are we there yet?” chant; the children may actually look forward to a longer journey.
How often do security awareness programs resemble endless, long and boring car trips? Employees can’t put it into words, but their inner dialogue asks when it ends and when they can return to their actual work.
Build a better security awareness program
Psychology has many elements that can be incorporated into cybersecurity awareness programs to make them more effective.
Video game makers create games that are easy to get started with and gradually increase in difficulty. This is because if the game is too difficult, people will be disappointed and leave, and if it is too easy, they will not be challenged enough. People are smart and like to solve things on their own. Make sure your awareness program takes this into account and doesn’t patronize your employees or make things unnecessarily difficult.
2. Consistency over intensity
Short and frequent topics can be better than long training sessions that take hours. Consistency is more important than intensity. Think of your favorite TV shows and movies. Movies require a larger one-time investment of a few hours, but television shows have shorter episodes that run over a longer period and can have a greater impact.
3. Get rid of negative stigma
In football (soccer to Americans), statistically, a penalty taker who shoots straight down the middle is more likely to score. But players don’t do it because, if they miss, they may look stupid. If the player kicks it left or right and the keeper saves it, the player doesn’t look stupid. The keeper looks very good.
Part of building a culture of cybersecurity involves removing the stigma and fear associated with having to report mistakes. Organizations can overcome this hurdle by making the reporting of errors and attacks a positive experience.
It is not an exact science
When dealing with people, it is important to remember that it is not an exact science. There may be ways to accurately measure improvements and changes, but that’s not the only thing worth considering.
That is why a weather forecast may show 75 degrees but say that it feels like 68 degrees. Weathercasters know that while science can accurately measure temperature and provide accurate numbers, that is not always the way humans perceive it.
The human mind is not like a computer, where you can patch the software once and forget about it. Rather, it needs to be repeatedly engaged and actively reinforced to bring about long-term change. To do this, we need to understand humans as well as (if not better than) we understand computers. This is because psychology is a widespread technology in the area of cybersecurity awareness.
How Psychology Can Save Cybersecurity Awareness Training Programs
https://www.darkreading.com/careers-and-people/how-psychology-can-save-your-cybersecurity-awareness-training-program