(5 min read)
When we talk about ‘changing behaviours’ around cyber security, one of the things we focus on is helping people to develop new habits.
Getting into (and out of) the habit
Anyone who has tried to lose weight, stop smoking, go teetotal, start exercising or even reduce screen time knows, getting into a new habit of working doesn’t happen overnight.
In fact, there are certain steps that you need to take, and those steps take time. That’s why our training is rolled out every month for twelve months – it is specifically designed to give you the time and the skills to change the way you think and act. And it helps you to embed your new habits so that they start to become second nature.
What is a habit?
To know where to start with creating new habits, we need to understand what a habit is, and why it matters.
Habits are essentially shortcuts that help us to get through everyday life. They are the things we do quickly and automatically – without thinking – because we’ve done them so often. You can see much more on habits in the work of Professor Katy Milkman of the University of Pennsylvania.
There are things that you do every day that you might not even see as a habit – brushing your teeth, for example, or putting the coffee on when you get downstairs. You have a ‘routine’ – which is just a load of habits stacked together. We all know what it’s like when our routine is disrupted – there’s no coffee in the tin, or the electricity has gone off. That’s an interruption in your daily habits and it suddenly brings your automatic routine into focus.
These are our unconscious habits, and we all have them. Some of them may be ingrained in our upbringing; some may be as a result of our working or home life requirements – early starts or care requirements. The fact that these habits are unconscious means that we are freeing up valuable brain space for the other decisions we need to make during the day.
The different types of habit
In fact, researchers believe that these habits can be divided into three groups. The first group are the habits that we simply don’t notice because they have been part of our lives forever – our unconscious habits. Then there are the habits that we know are good for us – eating healthily, getting enough sleep, doing some exercise or taking time out to help others. And of course, there are the habits that are ‘bad’ for us – eating too much, spending too much, gaming too much. Chewing on our thumbs, nail biting, smoking, the drink immediately after work. Opening your phone immediately when waiting for something (when you only looked at it 30 seconds ago – these are all subconscious habits, rather than something we deliberately choose to do.
Researchers from Duke University have reported that more than 40% of what we do is determined by habits – not active decisions. So, we should be able to make changes in our lives just by cutting down on bad habits and adopting new ones.
Why bring habits into training?
Automatic behaviours are common to all mammals – which is why we can train animals. And it’s why we can also train humans. In fact, it’s not really that different in terms of process. Initially a trigger prompts a behaviour which delivers a reward. “It’s 3pm; I’ll finish this piece of work and then have a piece of cake.” The behaviour may initially be conscious, but over time, the trigger (in this example, looking at the time) will lead to an automatic behaviour, which might be to take a break, that then delivers the reward. And the reward doesn’t have to be physical, like a piece of cake – it can be anything that delivers a dopamine hit, making you happier for a while, like getting up, away from your desk. In fact, some researchers (Lally et al, 2009) have found that the reward is not even necessary, as the neurological pathway has become so etched in our brains.
So we can see that, in order to become better at protecting ourselves and our businesses from cyber attack, we need to employ a method of introducing new habits. So the trigger is the appearance of an unexpected email in our inbox. The behaviour is to stop and think about that email, apply what we have learned about potential attacks and to report the email. The reward is knowing that you have made a good choice and protected the business from potential harm.
Developing new habits is trickier than you might think – it depends on the amount of initial effort physical or mental, required and the length of time it takes. You have to be convinced you are capable of the new behaviour and, once convinced, you need the opportunity to perform the behaviour and a reward to make you feel good about it.
The timing of the reward is also important. Wendy Wood, who wrote the book Good Habits, Bad Habits (2019), says that rewards should be immediate, as dopamine, the neurotransmitter which plays a key role in providing the reward sensation we seek, operates on a timeline of seconds. Rewards that may arrive in a week or a month will not help much in habit formation. So the aim is to do the right thing, and feel good about it.
And that’s what we do with Psybersafe – our training programme is designed to help your staff build awareness and habits that will protect your business from cyber attack.
You can find out more in our blogs about the usefulness and problems of habits – and how you can really change things for the better.
Join our newsletter to keep up to date with our training and insightful information regarding our training and protecting you and your employees from cyber attacks.