You may know the feeling of trying to implement a new diet or begin a new fitness regimen only to fall short of the goal. Especially this time of year, full of unfulfilled New Year’s resolutions, it’s easy to know the familiar feeling of being momentarily motivated, then repeatedly frustrated. In hindsight, you may ask yourself: “was it really life-changing when my trainer said, ‘stop eating junk food?’ or ‘go run a mile?’” The short answer is of course not.
When you look at the individuals who change their lives to lead more healthy lifestyles, they collectively tell you that when they were inspired to live sustainably well, they started to see a much bigger picture on the pathway to change. Instead of doing one behavior at a time until they were apathetic or regularly frustrated, they were inspired to subscribe to a whole new set of behaviors and plan each day full of small, consistent, repeatable habits. Instead of saying “I just need to run more,” they begin to say, “I’m the kind of person that loves to be healthy.”
This is groundbreaking insight when applied to security awareness.
For years, people have been told “think before you click” and “set stronger passwords” without understanding the bigger picture. They ask themselves: Why try when I’m up against a super cyber criminal? How am I even a risk in the grand scheme? Why does this behavior even help anyway? Or they search online for quick answers to cope with security stress without context, background or meaning. Is it any wonder repeated cybersecurity frustration sets in as the cultural norm?
As Niklas Göke points out: “Often, changing your perspective is the simplest way to change your life.” This is a massive opportunity. We can leverage it by focusing, not on the content, but on the consequences of entertaining certain beliefs. Something else entirely happens when end users are treated like real human beings. When given the bigger picture, the feeling of freedom online and achievable goals of getting there, they desire to lead more secure lifestyles. They ASK for the tools to make better decisions and TELL you about suspicious activity observed in person or on network. And if users are made aware of the implications of their actions, they are far more likely to take advantage of the control they do have over their digital domain and exert it in a way that matters.
In time, people become your best, most trusted sensors.