(3 min read)
We were interested to read an article in The Economist earlier this month, referencing the recent issues that politicians have had with their personal communications.
Liz Truss allegedly had her personal phone hacked when she was Foreign Secretary, resulting in the stealing of messages about Ukraine and more personal ones about her party colleagues.
And Home Secretary Suella Braverman has also admitted using her personal email address for work matters, rendering the significant security in place for senior politicians worse than useless.
As The Economist article says: “The real problem is behavioural, as anyone in an IT team can attest. Security protocols are tedious. Powerful folk tend to think that their time outweights whatever risk the nerds fret about. They are wrong. Using their work phones for work is both the least and the most important thing that officials can do.”
Of course, significant security measures are in place to protect senior politicians, diplomats, civil servants and others. Those measures are necessary, but they’re often ‘annoying’ to manage. Difficult passwords, two-factor authentication and other measures get in the way of fast communication and instant response.
And it’s not just ‘powerful folk’ that have these issues. We are all keen to get on with our lives and often resent any barriers put in our way. Not only that, our brains are wired to take the easy route. Cognitive effort is avoided if not necessary. This is why we have habits, biases and heuristics that help us manage the overload of things we have to do or get bombarded with at any point in time: as I write I feel the keys I tap on, I see what I write, assess whether it’s right or wrong. All the while I breathe, hear sounds inside and outside, smell smells, feel the chair I’m sitting on and so on and on. So when something else stops me from easily doing what I’m focusing on, the easiest thing to do is work round those barriers by using our personal devices, our personal email addresses and even send things to other people to save time and energy.
The problem is that this ‘bypassing’ behaviour is exactly what hackers are hoping for. They play on the fact that you can’t be bothered to do things properly, or don’t want to jump through the security hoops in front of you. And as soon as you choose the path of least resistance, they jump in.
Unsecured communications can be hacked very easily. Busy people click on links, open attachments, reply without thinking. And before you know it, sensitive documents are compromised, access to servers is gained and a hacker is ransoming your organisation for the data they’ve stolen. Or, they’re in your own email account, or worse, your bank account.
Change to better behaviours
Rather than thinking about our own convenience, we need to be thinking about protecting our own data and the security of the organisations we work for. We need to be aware of the damage that a cyber criminal can do if we make just one mistake. We need to actually take more time over device security, not less.
This all requires a permanent change in behaviour. And that requires a little bit of time and effort –nowhere near as much as giving up smoking or training for a sports event – but effort nonetheless.
For that to work, we need regular prompting and reminding as to why changing the way we do things is a good idea. And that it doesn’t have to be so difficult. The biggest issue is that people often favour the easy option over the right option – that’s human nature. And that’s the point of behaviour change – over time, the new behaviour becomes the ‘easy option’. When even the most technically-secure organisations, like governments, can be compromised by one person’s wrong behaviour, it’s easy to see that an investment in training people to change their behaviours is a win-win.
To find out more, contact us to talk about a free trial today.
Sign up below to get our monthly newsletter, packed with hints and tips on how to stay cyber safe.
Mark Brown, is a behavioural science expert with significant experience in inspiring organisational and culture change that lasts. If you’d like to chat about using Psybersafe in your business to help to stay cyber secure, contact Mark today.