Working with organizations around the world, I’ve witnessed awareness programs struggle to inspire behavior change. Before blaming employees for being “too lazy” or accusing them for not caring about security, Its time we dig a little deeper. People aren’t actually the problem. It’s security policies, procedures and behaviors that are at the root of the problem.
Ultimately, if we want to make cybersecurity globally accessible, we have to make it simple.
Key findings in behavioral sciences, such as the BJ Fogg Behavior Model, remind us that if we want to change a behavior, that behavior needs to be as easy as possible. Security policies and procedures are generally developed by highly technical people. As a result, those policies are often confusing, intimidating, or just too difficult to execute, such as password complexity or expiration. And with the holiday season here and with Smart Home Devices at the top of wish lists, this is a perfect time to instill safe home practices at home.
Here is a rather personal example of how security automation can work against you. We recently had to change the password for our Wi-Fi network at home, which meant we had to change the password on every device in our house. Computers, phones, Alexa, thermostats, cameras, you name it.
While this would have been a no-brainer three years ago, it is becoming increasingly painful in today’s world. As IoT and Smart Home Devices become part of our daily lives, cybersecurity is more than just protecting data, it becomes part of protecting our lives. For example, here are the steps we had to follow to update the WiFi network password on our Nest Protect devices, which are devices used to detect smoke and carbon monoxide poisoning within the home. The steps were beyond tedious.
What I want to emphasize is that if we want people to be secure, we have to drop the “you can’t patch stupid” outlook and start taking a hard look at ourselves. Let’s stop blaming others and start investing in making security as simple as possible. Complex steps like these are not helping to make spirits bright or our homes any more secure.
It’s been a long, hard year, filled with breaches and phishing. But during this season of giving, you’ve got the power to keep your season jolly and free of slacker hackers. Send them straight to Santa’s naughty list.
The biggest gift you can give this season is protected data.