Search
Close this search box.

Psychology is key to employee online security

As we start 2022, there are more employees than ever working from home for at least part of every week.  Working remotely comes with extra risk for businesses.  When out of an office environment, research shows that employees tend to become more relaxed and less aware around online security issues.  Home wifi is likely to be less secure than the office, and the psychological signals that make people think more carefully – like using security passes to get into the office – aren’t there.

As we start 2022, there are more employees than ever working from home for at least part of every week.  Working remotely comes with extra risk for businesses.  When out of an office environment, research shows that employees tend to become more relaxed and less aware around online security issues.  Home wifi is likely to be less secure than the office, and the psychological signals that make people think more carefully – like using security passes to get into the office – aren’t there.

Cyber security attacks are becoming more frequent for companies of all sizes.  In any business, your employees are the first line of defence against cyber criminals.  In fact, figures suggest that around 90% of successful cyber attacks are down to human error so they need to be really engaged with the dangers that cyber criminals pose, and understand how to behave differently to protect your business – and themselves.  We can do this by using behavioural psychology techniques which “nudge” employees into taking the right decisions.

Appropriate training is key
As a trained behavioural scientist and with a business background in cybersecurity and finance, I have long understood that for many people, mandatory training sessions such as those on cyber security, can be seen as a chore.  People can feel like they’re being told off for not following all the rules, having a weak password or forgetting to lock their laptops when they go to the toilet.  This can create embarrassment or even ‘reactance’ – from psychological Reactance Theory: if you threaten my freedom to choose I will resist – and create the opposite effect. To up their cyber game, employees have to want to take action. In other words, they have to be motivated to do the behaviours we’d like them to do, in preference to what they are doing today. When your team is motivated, they are more proactive and productive – the same is true for cyber security awareness.

Motivation is a desire to undertake a specific behaviour towards a goal. We talk of intrinsic and extrinsic motivation: the desire to do something for the enjoyment of the thing itself – intrinsic – or for the goal it achieves or leads to – extrinsic. The thing about motivation is that whilst important, it is complex and can be difficult to influence. Not only that, but motivation alone will not move people to do things. Of course you have to know what to do or how to do it, but you also have to feel that you can actually do it. You know how to lift a weight, you want to get fit, but you don’t start with a 40kg weight – 10kg? Yes, you can manage that.

So, we need to make things as easy to do as possible so that we don’t have to spend a lot of effort on motivation. Think ‘baby steps’. For example, if your gym clothes and shoes are lying by the side of your bed, ready to be put on first thing in the morning, you’re more likely to put them on and exercise. They’re already there for you – prompting you to make the right decision.

Motivation alone will not move people to do things. You have to know what to do or how to do it and feel that you can do it. And the easier it is, the more likely you are to do it.

How does it work?
As an HR professional, how do you motivate your team to pay more attention to the danger of cyberattacks?  To start, make things easy and fun – or at least a little bit interesting – for them:

  • Reward – the carrot is better than the stick. Instead of haranguing people about their passwords, reward people who spot a phishing email, or who report a dodgy-looking link, or an unsafe practice. Perhaps have a monthly award for the person who has either done the most to protect the business, or who reported a threat that could have been particularly nasty. Celebrate this!
  • Visibility – if all your employees get in terms of cyber awareness is a monthly email reminding them to be vigilant, you’re probably not doing enough. When you’re in the office, put posters and stickers up so that your teams have a visual reminder of the importance of looking after your cyber security. For people working remotely, build it into your weekly or morning team meetings and send out a desk reminder that they can have visible at all times. And walk the talk!
  • Share great content – there are some really useful cyber awareness blogs out there along with hints and tips about working safely from home. There are also some great videos about how easy it is to hack into a company’s IT systems. The more people get to see how easy it is for criminals to access your business, the more they are likely to be motivated to think and behave differently. Stories are powerful.
  • Look for good practice elsewhere – what are other people in your industry doing? How can you learn from them? Can you join cyber security groups, or perhaps create an employee- run group in your business, tasked with keeping cyber security top of mind?
  • Invest in some good training – most cyber security training is dull so find a programme that will grab attention and is interactive.

As the dangers of scams and cyber security breaches affect more businesses, appropriate training for employees is a vital first defence.  It is all about motivating and nudging people to make the right decisions.  The aim is to change behaviours and that can make a real and measurable difference to your business.

    Read more

    Latest News

    Read More

    Revolutionising HR: How Augmented Analytics and AI are Transforming Workforce Management – ARTICLE FROM ISSUE 236 – JUNE 2024

    19 June 2024

    Newsletter

    Receive the latest HR news and strategic content

    Please note, as per the GDPR Legislation, we need to ensure you are ‘Opted In’ to receive updates from ‘theHRDIRECTOR’. We will NEVER sell, rent, share or give away your data to third parties. We only use it to send information about our products and updates within the HR space To see our Privacy Policy – click here

    Latest HR Jobs

    University of Oxford – Department of Politics and International RelationsSalary: £36,024 to £44,263 per annum

    Jackson Hogg are delighted to be exclusively supporting an established manufacturing client based in Sunderland with the appointment of a Head of HR. £48,000 –

    The HR Director (HRD) will be a key member of the UK senior management team, driving the business forwards through being accountable for the attraction,

    The HR Director (HRD) will be a key member of the UK senior management team, driving the business forwards through being accountable for the attraction,

    Read the latest digital issue of theHRDIRECTOR for FREE

    Read the latest digital issue of theHRDIRECTOR for FREE