7 Essential Steps for Cyber Security Behaviour Change

7 Essential Steps for Cyber Security Behaviour Change

Emma Weber

I started this blog post after I returned from presenting at EduTECH in August this year, and the Optus security breach has put it back at the top of my agenda. We’ve been hyper-focused on security at Lever since introducing Coach M five years ago. I know more now than I ever knew I didn’t know! It’s a chance to keep getting better at every turn.

One of the sessions I most enjoyed at EduTECH was a panel called  Why Cyber Security is Vital, not just for students, but Australia at large. It really sparked my thinking.

I’m not sure whether the panel member from the Australian Curriculum, Assessment and Reporting Authority (ACARA) was joking or not, but she shared that, as in the past, when kids would join crime ‘gangs’ to be trained in how to deal drugs, now they could join and be trained in cybercrime!

The story jolted me into the realisation that cybercrime is as real as someone breaking into your home or snatching your handbag! You wouldn’t leave the house without locking your doors—or using one single key for every door/window/vehicle you ever owned! You hope it will never happen to you, but it’s systematic and indiscriminate for the victims. The attacks can be organised and coordinated by professionals in their field of crime. For some, it’s a job.

The key to cyber security isn’t just knowing about it – it’s about changing your behaviour in a holistic way so you don’t get caught out either at home or at work.  You need to change what you are doing—and here’s where my interest is piqued!

Here are some steps that will help make your behavioural changes in this area easier.

Focus on the do’s, not the don’ts of cyber security (or any behaviour change for that matter!).

This is another idea from EduTECH. Richard Culatta, CEO of the International Society for Technology in Education (based in the US), was in Melbourne. He spoke about getting children to focus on what they WILL do, not what they WON’T do when protecting themselves. His book, “Digital for Good: Raising Kids to Thrive in an Online World,” has a model that helps kids learn what to do. I think we could all take something from his ideas.

  • Be balanced: understand when and how much tech use is healthy
  • Stay informed: discern between true and false information
  • Be inclusive: treat others with respect and kindness online
  • Be engaged: use tech to strengthen family relationships and community connections
  • Stay alert: exercise caution and create safe digital spaces for others

 

Find your “why” and make it powerful to you

Whether it’s facts or figures that are propelling you or a moral reason, give yourself a purpose to make it happen. Looking at the stats of password security is one of the tools we use internally to stress the importance of having 12-digit, randomly generated passwords.

7 Essential Steps for Cyber Security Behaviour Change ( Security Org )

Tell a story that resonates to propel you to action-the simpler the better

At the conference, I learnt that when kids are being taught to be cyber-safe and start using passwords, they are given the analogy of riding a bike to the park to play. When you arrive, you need to take two minutes to chain up your bike. Yes, it’s a bit of a hassle and takes a small amount of effort, but it means your bike remains safe and doesn’t get stolen. You can then go off and play with your friends, get fully caught up in the games of the day, and you will return to find your bike exactly where you left it. So the lesson is that it takes a small amount of effort to keep things safe, and of course, if you deal with handling people’s data, as many of us do at work, it can take significantly more effort at a strategic level. The key is to take small steps each time to stay safe.Create a safe system that works for you. Turning the clock back a good few years, it wasn’t unheard of to have a Post-It on a computer with passwords on it. We all now know that can’t happen. Full stop. On a business or personal level, make sure you have systems in place (e.g. a password vault) that make it easier to be secure.

Stay current

Just because it worked in the past doesn’t mean it’s future-fit—create a calendar invite to review your personal processes regularly. Buddy up with a colleague or a friend and hold yourself accountable for your review.

Blog Banner

Take ownership

As with any behavioural change, it’s very easy to think someone else will look after it. Cyber security is not an IT issue; whether you are in a small company like ours where we each wear different hats or a large organisation, everyone has a key role in cyber security. Make sure you play your role and take ownership of it.

Face it! Sometimes with behaviour change, it’s about being brutally honest with yourself

Are you really doing everything you need to to keep up with cyber security? Have you taken full ownership? Are you doing enough? Do you have a niggle internally that says you are cheating yourself as you answer these questions? Whether you have a high level of psychological safety in your team or not, you can still answer those questions for yourself. I had to face my lack of exercise recently (having fallen into the bad habit of sitting at a desk for far too long). I’ve now got back to group training classes and feel better about it. What’s your cyber security equivalent? Do you have one or can you, hand on heart, say I have done everything possible?

To close, I’m keen that you focus on behaviour change to support your cyber security policies. Why wouldn’t you? In the meantime, I love that our dear friends at Mobile Coach have developed an off-the-shelf chatbot course on cyber security—it’s a very easy way to review and revisit what we all need to keep top of mind. Check out this page for more information. Mobile Coach

I hope you enjoy the tips for behavioural change and that it helps keep you and your data safe.

 

Emma Weber is a recognized authority on the transfer of learning. As CEO of Lever – Transfer of Learning, she has helped companies such as Telstra, Oracle and BMW deliver and measure tangible business results from learning. Emma has also been a guest speaker at learning effectiveness conferences worldwide and authored the hugely successful book Turning Learning into Action. Much more detail around the issues and solutions examined in this article are available in the book – please feel free to download a free chapter.