3 Reasons You Don't Take Cybersecurity Seriously (Psychologically Speaking)
Have you ever left your wallet or purse on a table in a restaurant while you ran to the bathroom? Have you ever left the front door unlocked while you went to the grocery store?
If the answer to either of these questions is ‘yes’, there’s a good chance it wasn’t intentional.
We take the security of our personal belongings and home extremely seriously. So why can’t the same be said for our digital assets? For Cyber Security Month, we look into three deeply rooted psychological reasons why most people take a laissez-faire attitude to cyber security.
Then, most importantly, we look at what we can do to change these attitudes.
1. We’re not wired right
Human memory has limits. While some scientists believe that the brain has the ‘storage space’ equivalent of a million gigabytes (that’s enough to hold three million hours of television shows), the way we process information means that it’s not always easy or even possible to retrieve memories once they have been stored.
This has implications for our memory of passwords. The latest studies suggest the average person has 85 passwords across all of their accounts. However, being able to recall 85 different passwords at will does not come naturally to us.
This is why we take shortcuts with our passwords. Even though we know we should create a completely unique and obscure password for every new digital account we set up, we cheat in order to accommodate our limitations.
The greatest digital sins we commit with regards to passwords are creating passwords using common words or number chains, then reusing those passwords – or slight variations – for multiple accounts.
Solution: make your wiring work for you
Research suggests that the human mind may remember phrases better than words when it comes to passwords.
Therefore, it can help recall if you build your passwords using the first letters of each word of a well-known phrase.
For example: ‘You’re never fully dressed without a smile’ becomes the password YNFDWAS.
Try to avoid famous phrases such as ‘To be or not to be that is the question’ and try to make the phrase personal to you – for example, by using the first letters of each word of a secret such as ‘My guilty pleasure is watching British Bake!’ – MGPIWBB!
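The phrase-to-password method above, as an added example that is not part of the original article: it derives the initials password, flags phrases on a deny-list of famous quotes, and computes the upper bound on entropy for the character classes used. The function names and the two-entry deny-list are assumptions made for illustration.

```python
import math
import re
import string

# Constructed sample of widely quoted phrases; a real deny-list would be far larger.
FAMOUS_PHRASES = {
    "to be or not to be that is the question",
    "may the force be with you",
}

def normalise(phrase):
    """Lower-case and strip punctuation so the deny-list match ignores styling."""
    words = re.findall(r"[a-z0-9']+", phrase.replace("\u2019", "'").lower())
    return " ".join(words).replace("'", "")

def initials_password(phrase):
    """First character of each word, upper-cased; a trailing ! or ? is kept."""
    words = re.findall(r"[A-Za-z0-9][A-Za-z0-9'\u2019]*", phrase)
    tail = phrase.rstrip()[-1:]
    suffix = tail if tail and tail in "!?" else ""
    return "".join(w[0].upper() for w in words) + suffix

def max_entropy_bits(password):
    """Upper bound: length * log2(pool), where pool counts the classes in use.

    Real strength is lower, because first letters of English words are not
    uniformly distributed and an attacker can try initials of known phrases.
    """
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def review(phrase):
    """Summarise one candidate phrase for the person choosing it."""
    pw = initials_password(phrase)
    return {
        "password": pw,
        "max_bits": round(max_entropy_bits(pw), 1),
        "famous": normalise(phrase) in FAMOUS_PHRASES,
    }

if __name__ == "__main__":
    for candidate in ("You\u2019re never fully dressed without a smile",
                      "My guilty pleasure is watching British Bake!",
                      "To be or not to be that is the question"):
        print(review(candidate))
```

Seven upper-case letters top out at about 32.9 bits, while the eight-character version with the exclamation mark reaches about 46.9, so longer phrases and mixed character classes raise the ceiling.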
2. We’re impacted by our locus of control
Psychologists believe that human beings all have a locus of control and that that locus of control is either internal or external.
In layman’s terms, this means that people either believe they are in charge of what happens to them, or they believe that their lives are controlled by external factors.
A person’s locus of control can impact how they view cybersecurity.
If they believe that outside bodies such as internet providers and government bodies – or even a work IT team – are responsible for protecting them from cybercrime, then they may be less likely to take measures to protect themselves against it.
Solution: take a locus of control test
You can find out what sort of locus of control you or your staff have using a short test.
If you find out you have an external locus of control, you have two options. Firstly, you can work to change your locus. This Medium article features some handy tips on how to do this.
Hammer home the message to your team that protection against cyber crime starts at the personal level. You can do this by staring them in the face and telling them so!
You can also create and share a checklist of best practices and make cybersecurity continuing education a part of annual personal and manager-level evaluations. The National Institute of Standards and Technology has compiled a great list of free options.
After all – data suggests that human error leads to as much as 88% of cyber crime.
3. We don’t appreciate the emotional impact of cyber crime
Most news reports and information articles on cyber attacks tend to highlight the financial and national security costs associated with cyber crime.
Check out these headlines…
‘Acer Faced With Ransom Up To $100 Million After Hackers Breach Network’
‘SolarWinds says dealing with hack fallout cost at least $18 million’
‘Colonial Pipeline paid $5 million ransom one day after cyberattack, CEO tells Senate’
While these sorts of messages may make interesting reading for the average Joe, they don’t contain a lot of meaning. It’s hard to relate to these sorts of stories.
So, we carry on with our poor cyber protection routines as usual.
Solution: consider the emotional fallout of a cyber attack
It won’t shock you to discover that experiencing a cyber attack is stressful. However, you may be surprised to find out just how stressful the experience can be.
One study split participants into four groups and each group was shown a video.
The first group were shown a video about waste water treatment, the second were shown a video about a non-lethal cyber security attack, the third were shown footage about a lethal cyber security attack, and the fourth were shown a video about a real world terrorist attack.
Following the screenings, the psychologists rated the stress levels of participants.
The results?
The people who watched the videos about the cyber attacks felt almost the same levels of stress as those who watched the video about a real world attack.
The scores were 2.7 for the control group, 3.4 and 3.6 for the cyber attack videos, and 4 for the real world attack footage.
A team of researchers at the University of Portsmouth, meanwhile, have found that cyber crime can have a similar emotional impact to real world crime like burglary.
Professor Mark Button, who led the research team, told technology news website ZDNet: “Some victims feel violated like it’s a physical attack. Many victims reported psychological impacts such as anger, anxiety, fear, isolation and embarrassment.”
Other research studies have found that experiencing a cyber attack can even lead to depression.
Ready to amp up your cyber security game?
Here are three quick wins…
- Check if your email or phone number have ever been in a data breach.
- Check your password strength with this free password checker. It runs on your local machine and does not send your password over the network.
- Make sure your website is protected by an SSL certificate.
For extra credit, consider website protection that doesn’t slow you down.
Don’t forget this month (and always) to Do Your Part and #BeCyberSmart !