- Online Behaviour and Social Media Risks:
Many individuals engage in risky online behaviours such as sharing personal information, neglecting privacy settings, sharing sensitive photos, announcing travel plans, revealing locations, accepting requests from strangers, posting impulsively, and clicking on untrusted links. These actions can lead to social engineering attacks, financial fraud, identity theft, reputational damage, and legal consequences. Changing these behaviours involves making individuals more cautious about sharing personal information, proactively updating privacy settings, controlling impulsive online actions, and staying vigilant against social engineering attacks. - Software and System Updates:
Ignoring or postponing software and system updates can increase the vulnerability of systems. Users often find traditional update reminders ineffective and annoying. To change this behaviour, it is crucial to personalize the message, highlighting the risks of not updating, such as potential system degradation, data loss, or the system being turned into a bot. The key is to make the threat relevant to the individual, thus increasing the likelihood of behaviour change. - Backup Practices:
Similar to system updates, backup practices are often neglected by users. Changing this behaviour requires personalizing the risks associated with not performing regular backups, such as the potential loss of valuable data or financial exploitation. Effective communication should focus on the personal consequences to make the message more impactful. - Security and Privacy Settings:
Security and privacy settings across digital platforms often default to low levels, requiring users to actively change them. Due to the status quo bias and the effort needed to change settings, most users stick with the default options. The desired behaviour change is to encourage users to proactively adjust their security settings to higher levels, despite the effort required. - Reporting Security Incidents:
Reporting security incidents is crucial for improving overall cybersecurity. Within organizations, this is a desired behaviour, but individual users can also report incidents to service providers. Changing this behaviour involves convincing users to take responsibility and actively report security threats, contributing to a more secure environment.
References:
- Celestine, N. (2021). “What is behaviour change in psychology? 5 models and theories.” PositivePsychology.com.
- Blythe, J., & Coventry, L. (2018). “Security Behaviours: A Psychological Perspective.” In Computer and Information Security Handbook (3rd ed.).
We love to share our knowledge on current technologies. Our motto is ‘Do our best so that we can’t blame ourselves for anything“.