3 psychological reasons why you don’t take cyber security as seriously as you should

Have you ever left your wallet or purse unattended on a table in a restaurant while you popped to the bathroom?

Or have you ever left the front door to your house open while you nipped to the shops?

If the answer to either of these questions is ‘yes’, there’s a good chance it wasn’t intentional.

We take the security of our personal belongings and home extremely seriously.

So why can’t the same be said for our digital assets?

On this Safer Internet Day, we look into three deeply rooted psychological reasons for why most people take a laissez faire attitude to cyber security.

Then, most importantly, we look at what we can do to change these attitudes.

We’re not wired right

Human memory has limits. While some scientists believe that the brain has the ‘storage space’ equivalent of a million gigabytes (that’s enough to hold three million hours of television shows) the way we process information means that it’s not always easy or even possible to retrieve memories once they have been stored.

This has implications for our memory of passwords. The latest studies suggest the average person has 100 passwords to remember. However, being able to recall 100 different passwords at will does not come naturally to us.

This is why we take shortcuts with our passwords. Even though we know we should create a completely unique and obscure password for every new digital account we set up, we cheat in order to accommodate our limitations.

The greatest digital sins we commit with regards to passwords are creating passwords using common words or number chains, then reusing those passwords – or slight variations – for multiple accounts.

Solution: make your wiring work for you

Research suggests that the human mind may remember phrases better than words when it comes to passwords.

Therefore, it can help recall if you build your passwords using the first letters of each word of a well known phrase.

For example, ‘You’re never fully dressed without a smile’ becomes the password YNFDWAS.

Try to avoid famous phrases such as ‘To be or not to be that is the question’ and try to make the phrase personal to you – for example, by using the first letters of each word of a secret such as ‘My guilty pleasure is watching The Bachelor!’ – MGPIWTB!

We’re impacted by our locus of control

Psychologists believe that human beings all have a locus of control and that that locus of control is either internal or external.

In layman’s terms, this means that people either believe they are largely in charge of what happens to them in life or they believe that their lives are largely controlled by external factors.

A person’s locus of control can impact how they view cybersecurity.

If they believe that outside bodies such as internet providers and government bodies – or even a work IT team – is responsible for protecting them from cybercrime, then they may be less likely to take protective measures to protect themselves against it.

Solution: take a locus of control test

You can find out which sort of locus of control you or your staff have using a short test.

If you find out you have an external locus of control you have two options. Firstly, you can work to change your locus. This Medium article features some handy tips on how to do this.

Alternatively, you can hammer home the message to yourself or your team that protection against cyber crime starts at the personal level.

After all – data suggests that human error leads to as much as 90 per cent of cyber crime.

We don’t appreciate the emotional impact of cyber crime

Most news reports and information articles on cyber attacks tend to highlight the financial and national security costs associated with cyber crime.

Check out these headlines…

‘Cleaning up SolarWinds hack may cost as much as $100 billion’

‘British Airways could face potential £800 million lawsuit over 2018 data breach’

Then take a look at the first sentences on the cyber crime page of the National Crime Agency website. It reads:

“Cyber crime continues to rise in scale and complexity, affecting essential services, businesses and private individuals alike. Cyber crime costs the UK billions of pounds, causes untold damage, and threatens national security.”

While these sort of messages may make interesting reading for the average Jo, they don’t contain a lot of meaning. It’s hard to relate to these sorts of stories.

So, we carry on with our poor cyber protection routines as usual.

Solution: gen up on the emotional fallout of a cyber attack

It won’t shock you to discover that experiencing a cyber attack is stressful. However, you may be surprised to find out just how stressful the experience can be.

One study split participants into four groups and each group was shown a video.

The first group were shown a video about waste water treatment, the second were shown a video about a non-lethal cyber security attack, the third were shown footage about a lethal cyber security attack, and the fourth were shown a video about a real world terrorist attack.

Following the screenings, the psychologists rated the stress levels of participants.

The results?

The people who watched the videos about the cyber attacks felt almost the same levels of stress as those who watched the video about a real world attack.

The figures – 2.7 for the control group, 3.4 and 3.6 for the cyber attack videos, 4 for the real world attack footage.

A team of researchers at the University of Portsmouth, meanwhile, have found that cyber crime can have a similar emotional impact to real world crime like burglary.

Professor Mark Button who led the research team told technology news website ZDNet: “Some victims feel violated like it's a physical attack. Many victims reported psychological impacts such as anger, anxiety, fear, isolation and embarrassment.”

Other research studies have found that experiencing a cyber attack can even lead to depression.

Ready to up your cyber security game?

Here are four quick wins…

Block out an hour in your schedule to check the strength of your passwords and ideally update them.

Running a website? At a bare minimum, you need to ensure it is protected by an SSL certificate. For extra protection meanwhile consider a product like Sucuri Website Security.

Take our quick Cyber Hygiene Test to improve your cyber hygiene.