When we hear stories in the news about a ransomware incident or a data breach, it’s normal for most people to think the attack was conducted by outside actors who somehow breached a company’s defenses and made off with email addresses and other types of data. Like thieves in a bank-heist movie, we envision them blowing the door off the safe and making off with the loot. Some of us might even cast a thought to the data itself, and whether our own information was in there somewhere. But what if you were to find out the main culprit in this story is…you? Your Fear of Looking Stupid
You didn’t plan the heist, of course, and you certainly didn’t benefit from the takings, but your fear of looking stupid left the safe door open and made the crime possible.
We live in an era in which we have to be extremely diligent about everything we do because criminals, from the most sophisticated to the laziest, are constantly watching for opportunities to break in and steal information that can be resold or abused for further crimes. The techniques for preventing them inevitably come down to relying on human beings to do their part. That includes maintaining and changing complicated passwords on a regular basis, thinking twice before clicking on phishing links, and generally being suspicious about every single thing that could help a bad actor break-in.
The problem is, that learning these techniques appears difficult. Most people don’t consider themselves to be computer savvy, and the prospect of working with 16-digit passwords filled with random characters, using password management software, or even changing the password on their home router seems difficult and time-consuming. These lead ultimately to fear of potentially losing our jobs.
How? Because learning new skills runs the risk of making a mistake. Mistakes lead to the risk of looking stupid, which may lead to a bad job review and the threat of job loss. Taking the time to maintain passwords or to double-check emails for phishing scams risks appearing inefficient in the eyes of the boss.
Whichever way you look at it, the biggest threat to being proactive in protecting your employer’s data comes from how it will make you look. Looking
It’s natural to think this way. We’re kept so busy that there’s no opportunity for us to pause and think about having a conversation with the manager about receiving training. And even if you did, most organizations’ cultures don’t support training in any equitable or effective way. Sending somebody out for a one-hour or even a one-day training course to learn how to use password management software is a recipe for failure. Humans are very good at learning, but not at learning fast.
It takes many repeats and iterations before a new skill becomes fixed in our mental and physical processes. Anyone who has taken a training course will realize that, at best, they can’t remember more than half of what they were taught even a day later. It takes days of repeated practice — weeks, even — before a new idea turns into entrenched wisdom. Looking
Safe online practices are a concept for people who, since the very first day of kindergarten, have been indoctrinated in the idea that if you don’t easily get it right, then you’re automatically wrong. Looking
In this second decade of the 21st century, being aware of how to protect your data — not just work-related data like log-in passwords, but the data that you use at home to sign onto your personal Amazon account, to order food from a delivery service, or anything else you do online — needs to be treated with the same degree of respect and attention that you would an actual combination to the company safe. This is because everything is connected. Your computer at home is connected to a router, which is connected to the Internet, which is connected to your company and many other companies. As I stated: everything is connected.
It’s vital that managers and companies lead the charge in redefining curiosity and adult learning as something that takes time, effort, and attention, and that learning must be given the respect it demands. Yes, people will make mistakes the first time they try a new skill. That’s what happens when we’re learning. But to place the burden of a company’s entire security on the shoulders of individuals who aren’t yet fully experts in managing their passwords is a crime unto itself. Looking
The fault of lax cybersecurity more often than not lies internally with an unsupportive company culture rather than externally with the bad actors. They are, after all, simply taking advantage of a situation that’s been presented to them. Looking
* * *
Steve Prentice is an expert in the relationship between humans and technology in the workplace. He is the author of books on time management, stress management, and career management. His new book is The Future of Workplace Fear: How Human Reflex Stands in the Way of Digital Transformation. Learn more at steveprentice.com.
By Steve Prentice
Discussion about this post