The Problem with Cyberhygiene

Cyberhygiene Dangers

It is a quirk of human nature that we have a hard time contemplating abstract notions of danger, especially when it is introduced to us by others. In the simplest of examples, imagine a sign, placed next to a surface, that reads “Wet Paint.” Out of 100 people, how many do you think will touch the surface to see if it is indeed wet? The answer is always more than 50%.

This condition has a name, unsurprisingly called “Wet Paint Syndrome.” It springs from the idea that, when confronted with a situation demanding compliance, there will always be a proportion of a population that will reject the instruction, for one of a few reasons:

  • Belligerence – the refusal to be told what to do, resulting in a directly opposite reaction: You tell me not to touch the paint, so I will touch it.
  • Individual disbelief – the sign might be old, and the paint might already be dry, so I will check it myself.
  • Collective disbelief – I saw that person touch it, so I am going to touch it.
  • Cultural disbelief – the sign is fake news.
  • Ignorance – I read the sign, but the warning did not register with me as something I should pay attention to.
  • Reflex– I read the sign and, without thinking, touched the paint anyway.

Humans are guided in part by instinct and reflex. If we cannot perceive danger through our physical senses, then we cannot process it accurately. A poisonous snake, spoiled milk, the smell of smoke or the image of a pool of human blood – these are stimuli that make most people recoil. These forms of danger are accepted as real.

Cybersecurity: The Invisible Threat 

When it comes to cyberhygiene activities, the threat we seek to avert seems, to many end users, to be invisible or inconsequential. It won’t be until the actual moment when a computer screen freezes and reveals a ransomware notice that the dangers of lax security become real.

People are suffering from alert fatigue. People have grown tired of repeated requests to update their passwords and so they simply modify one digit, upgrading from “Mary123” to “Mary124”.

But here’s the kicker. When offered the opportunity to use a solution to these tedious chores, such as a password manager, people recoil even further. A password manager is an app that generates passwords out of random character strings such as 86vPH*r1en@2@4FH. These are extremely difficult and time-consuming for hackers to guess but are equally difficult for people to memorize. But when it is explained that they do not have to memorize them at all, and that the password manager simply fills them in when needed, people push back. The comfort they feel in being able to remember their passwords exceeds that of having infinitely more secure passwords they can’t memorize.

Any security specialist who has tried to explain password managers will have experienced this sort of pushback. They will likely have stopped short of trying to explain exactly how password managers encrypt passwords at a device level using a salted hashing technique where none of the components, including the master password, actually are stored by the password manager itself. This is a type of dark magic that makes most peoples’ eyes glaze over.

Password Iq Cloudtweaks

Cybersecurity Expertise Includes Some Psychology

The point is that people in general cannot sit comfortably with change because change means confronting the unknown. Cybersecurity specialists must realize just how fragile the human instinct is when they frame arguments around safety and security protocols. Sometimes it all comes down to change resistance when they hear comments like “how can I trust a password that I can’t memorize,” or “back in my day we never needed Two Factor Authentication, so I’m not using it now.

Just like a rapidly spreading virus, all it takes is one person to make that initial contact with an infected email link to penetrate the defenses of an organization and the organizations it is connected to.

A cybersecurity specialist’s portfolio of skills must include some psychology, which can be transformed into empathy, change management and communication skills. Although a central pillar of the job is to be proactive, success in the security field will not be complete until we recognize just how incompatible the concept of proactivity is with the day-to-day priorities of end users and frame our communication strategies around this.

For more information, read the Proactive Cybersecurity Beyond COVID-19 white paper.

By Steve Prentice

Ramanan GV

Establishing a Unified Governance Model for the Digital Workforce

Increase visual control and reduce OPEX by 30% The Digital Service Providers (DSPs) are riding an automation wave. Painful manual tasks, which burdened staffs for ages, can now be easily handled by the software bots ...
File Photo Of Facebook Ceo

533 Million Facebook Users Had Their Data Stolen and Leaked Online

Facebook Data Stolen and Leaked Online On Saturday, April 3rd, a user from a hacking forum published the personal data from more than 500 million Facebook users. The hacked and published data were available at ...
Wasabi

Episode 3: The Bottomless Cloud – An Interview with David Friend of Wasabi

Why data is not “the new oil” and why “cloud” means more than we think. In his new book, author David Friend refers to the cloud as "bottomless," and disputes peoples' assessment that data is ...
Ransomware Hostage Prevention Tips

Ransomware Hostage Prevention Tips

Ransomware Prevention Tips (Updated: 09,24,2020) Ransomware can bring your business to its knees. Whether it comes as a system- or network-wide infection, it can do a severe damage to your company. Attacks are at a ...
Thomas Franklin

Future of Stock Markets : Raising Capital Through ICO is 10x cheaper and 20x easier

Future of Stock Markets: Raising Capital Through ICO How blockchain will replace the stock markets as we know them today. Welcome to the future. It’s a beautiful Monday morning of 5th June, 2023. Jane wants ...
Chris Collins

Why Cloud Technology is a Smart Business Move for Higher Education

Higher Education Technology Cloud technology is not just for the world of big business. A growing number of higher education institutions are also embracing the cloud’s many advantages, especially for its data gathering and analytics ...