I had the pleasure of getting to attend the Atlanta SecureWorld Conference this year and I loved it. This was my first ever conference and I really just went to get myself out of my comfort zone. Also, I was wanting to network with other industry professionals from all walks of experience. With that said, I would like to share some of what I learned in the classes while at the conference.

First, I learned about how behavioral science influences and affects cybersecurity. Behavior takes three things in order to change it or shape it. Those three aspects are capability, motivation, and opportunity. So, let’s start with capability. When training professionals on cyber topics, know that facts don’t change people’s behavior but rather emotion does. A lot of us have experienced learned helplessness along the way and therefore don’t even try when it comes to trying to do better at cyber safety. The more that security training and education professionals can make cyber less scary, the better off employees will be.

Next, we need to talk about feelings, like I mentioned above. There are three main feelings around cybersecurity that are not helpful. The first is intimidation, many mainstream people are intimidated by thought of cybersecurity. Second, they are frustrated when trying to stay safe online. Third, many worry about staying safe online and how to do so. Therefore, as cyber professionals, we need to get away from using scary images and use realistic imagery. The education people receive should be empowering and make employees feel like can do all the things listed above. Thus, leading to a peace of mind that you get when you do adopt the correct security features.

Finally, let’s discuss some opportunities that people can take advantage of when it comes to staying safe online. These are easy to follow and all you have to do is start somewhere. First is to install a phishing report button on the email interface employees use or make sure they are using it if they have one already. Second, our favorite one, make sure your passwords are hard to guess and secure. You can use a password generator for this and as you log into different accounts, you can use a password manager to remember them. Third, make sure that if the applications you are using have a multi-factor authentication option that you are using it. This helps to make sure only you are the one accessing your items. Finally, make sure that you and your employees are back up their data regularly and in many locations. With that, they also need to be installing updated regularly as they come.

I hope that you all enjoyed this excerpt on behavioral science and how it relates to cybersecurity. In my next blog post I will cover the second class I attended at the conference and just keep going from there. In total, I will probably have 4 blog posts about the talks I heard at SecureWorld so stay tuned!