Building a Security Awareness Program to Help Defend Against Cyber Extrotion and Ransomware

Issue link: https://insights.oneneck.com/i/1476867

Contents of this Issue


Page 3 of 9

3 Motivation Fogg's Behavior Model highlights three core motivators: Sensation, Anticipation and Belonging. Each of these has two sides: pleasure/ pain, hope/fear, acceptance/rejection. These core motivators apply to everyone; they are central to the human experience. The list below outlines suggested interventions to trigger people's motivation: • Tapping into people's emotions by using visually appealing content, engaging with humor and story-based techniques, will activate positive sensations. ○ Caveat: Humor is a great technique to grab people's attention, evoke positive emotions and help with memory retention. However, it has to be applied carefully and with a sensitivity to the audience's cultures, or else it can backfire. Also, it should not be used too much, as it could result in the audience not taking the core message seriously enough. • Fear can be a powerful motivator too. But too much of it can result in apathy and needs to be underpinned with the notion that it is simple to defend. Show people how to defend themselves. Give them the knowledge and/or tools to feel empowered rather than afraid. • Using the power of leadership or celebrity to tell stories invokes a sense of belonging. • Making it personally relevant by providing information on how to protect family members. • Happy people make secure people – communicate that phishing simulations are not there to trick people, but a training exercise only. Work on building a trust relationship between Security and the rest of the community. • Recognition to drive participation. For example, public shout-outs by the CEO if someone reported a significant potential threat. • Competitions and rewards such as phishing tournaments whereby participants can win if they report a specific number of simulated phishes over a certain period of time. Ability BJ Fogg says that training people is hard work, and most people resist learning new things. That is just how we are as humans. Giving someone a tool or a resource that makes it easier to do helps break down that barrier. A great example is a password manager. It takes care of desired behavior and simplifies the complexity of having to remember multiple unique passwords. So, when running a ransomware awareness campaign, we need to ask ourselves where are opportunities to provide tools that make it easier for people to stay safe? For example: • Games to "train" the spotting of phishing attacks in repetitive ways that convert knowledge into intuitive situational awareness. • Equip people with tools such as phish-alert buttons, password managers, home security, etc. • Simple how-to guides and short explainer videos or training modules.

Articles in this issue

Links on this page

Archives of this issue

view archives of eBooks/eGuides - Building a Security Awareness Program to Help Defend Against Cyber Extrotion and Ransomware