Perry Carpenter is Chief Evangelist for KnowBe4 Inc., provider of the popular Security Awareness Training & Simulated Phishing platform.
While the mindfulness movement has become quite popular over the past few years, it’s actually a term with “exotic origins” in the 19th century, according to the New York Times. It’s essentially the idea that by slowing down and being hyper-attentive to our surroundings, we can experience physical and mental benefits.
So, what does that have to do with cybersecurity? More than you likely realize.
For instance, consider the proliferation of phishing attacks, which are efforts by cybercriminals to trick you into clicking on dangerous links. Even the most security-savvy among us can fall prey to these attacks. Why? I believe the answer is that we’re busy multitasking and getting distracted.
In short, we’re not being mindful.
Distractions were a prominent driver of cybersecurity breaches during the pandemic, with one study indicating that workers tend to make mistakes that impact cybersecurity when they are tired or distracted.
Employees don’t have to be working from home to be distracted. They can be distracted wherever they are. This is why it pays to help them develop cybersecurity mindfulness.
From my perspective, there are three factors that can contribute to the opposite of mindfulness.
• Attempting to do several things at once.
• Making heuristic assumptions that might not always lead to the right decision.
• Being susceptible to emotions that cyber criminals exploit.
Let’s explore each of these in a bit more detail to see how they can contribute to being vulnerable to cybersecurity attacks.
The Myth Of Multitasking
Most of us think multitasking is a good thing—that it helps us be more productive. But it can actually have the opposite effect. Multitasking causes us to lose focus because our minds shift from thing to thing. Each shift results in the loss of cognitive attention. Each time we make a shift, we lose energy—and focus. We become more vulnerable. This is something cyberattackers know well.
The Risk Of Mental Shortcuts
Our brains are made to be efficient and can help us make many decisions quickly without much thought. For instance, if you’re walking across the road and you see a car coming, you don’t want to take time to analyze the situation; you just want to act. And that’s a good thing. But mental shortcuts aren’t always helpful. In fact, from a cybersecurity standpoint, I believe they can be risky.
Let’s say an employee receives an email, and the URL is slightly misspelled. In that situation, a mental shortcut could surface, and the employee’s brain might automatically “fix it,” so it sees what it wants or expects to see—instead of the spelling errors—so the employee clicks the bogus link without thinking.
From my perspective, the more emails we get in a day and the more distractions we have around us, the more likely we are to fall prey to the negative side of mental shortcuts.
The Impact Of Emotional Triggers
The amygdala is an almond-shaped part of the brain that comes into play when our emotions are triggered. If we’re feeling a bit of fear, our amygdala is triggered and will create a fight-or-flight response. That fight-or-flight response can hijack our executive functioning and cause us to do things we might not normally do.
All three of these things—multitasking, mental shortcuts and emotional triggers—can make us vulnerable to cybersecurity threats. From my perspective, we need to be hyperaware in order to avoid them. We need to be mindful.
Helping Employees Become Mindful To Thwart Cybersecurity Risks
Mindfulness can help address human error and concentration. Back in 2017, researchers found that mindfulness training techniques were more effective than traditional training techniques when it came to phishing susceptibility.
From a cybersecurity standpoint, what that means is if we can bring more mindfulness techniques into our training and help people be more present, they’ll be less likely to click on the bad stuff. So how can we do that?
Here are some ideas.
• Share information with employees about why multitasking isn’t always the most effective—and share research. Drive it home that focusing on doing one thing at a time might help them be more productive, more effective and less prone to cybersecurity risk.
• Teach employees to be attuned to, and to listen to, the signals that their body is sending them. Teach them to listen to the warning signals, including potentially positive signals (like if they see a pop-up offer that seems just too good to be true—and it is). Teach them to understand when they’re being triggered, to slow down and to think before acting.
• Teach them to slow down and refocus. One way to do this is to practice four-square or “box” breathing. This means you inhale for four counts, hold your breath for four counts, exhale for four counts and hold your breath again for four counts—16 seconds altogether. It’s simple, but it’s a technique you and your team can learn to harness.
• Teach them to use energizing movements to become more mindful. Some physical activity can help you concentrate and make you more focused.
Social engineers target our human frailties—and they’re good at it. But if we can learn to practice mindfulness and become more aware of our surroundings and our body’s responses to those stimuli, we can be less vulnerable.