Be Aware, Never Scared
If you do not use our…, if you click that link.., if you don’t change your password….
Have you heard these phrases from cybersecurity professionals or marketers before? I am sure you have.
This strategy is called FUD (Fear Uncertainty and Doubt), frequently used when marketers are trying to convince you that without this new security device/service you will never be safe. This fear-based approach is used to capture someone’s attention and activate an immediate reaction. This approach might be a good strategy for information that does not need to be retained for a long time, but not for changing peoples security habits.
The DUI, tobacco, health and fitness campaigns are some examples that nave proven that using fear to change peoples’ bad habits doesn’t work.. Therefore, using fear is not the most effective way to modify user’s security habits to promote permanent changes.
The goal of Security Awareness is to embed information inside the user’s mind, so they do not engage in actions that increase the company’s security risks. So, stop using FUD and concentrate in other awareness strategies.
We need to recognize that in the business world, keeping the employees thinking that security is important takes more than scare tactics. The solution for an effective security awareness program is to incentive employees to do the right thing when presented with a security decision.
After a spam campaign, highlight employees that reported the suspicious emails, and were not fulled by the urgency or the conveniently included email link. Do not shame the group of employees that clicked the fake link.
Use a Carrot, not the Stick
Not only incentivizing the employees is important, publishing the right actions to the rest of the company helps enhance security awareness. Positive re-enforcement helps promote good behavior re-occurrence.
Conclusion
Fear doesn’t promote permanent changes, the way to change user’s views of security is by making security part of the community. The surroundings and the actions of others around you influence habits.
