They’re out there and they’ve targeted everyone, even the most seasoned technology professionals...Scams.
We had a discussion on scams and how businesses should incorporate cyber security training not only to keep up with rapidly evolving technology, but to start making training more personal.
A Change is Coming.
Corporations still have a ways to go to incorporate personal training into their “check the box” compliance-oriented training. Most understand they have a responsibility for training individuals, yet people are still falling for the same scams time and time again.
It’s like driving. Everyone learns about stop signs and when to hit the gas pedal. This is fact-based learning. The issue is that while vehicles are being made with more safety features than ever, there are still a ton of accidents out there. So, how in the heck are people still getting into accidents? Let’s get behind the wheel…
Psych 101
More than a million people become scam victims every year. What’s the psychology behind falling for a scam? Trust, Confirmation Bias, Other Biases, and belief in personal vulnerability. Once a victim understands these issues, they are in a position to fix them. Once a company understands these issues, it is in a position to teach them.
Scammers think like marketers and prey on our emotions. Humans are emotional. Curiosity, fear, anger, greed, biases, and trust make us vulnerable. Scammers craft their messages around these things, and then we are triggered. For example, that phone call you get from the school nurse. Immediately, you are worried and are willing to listen. Then...out of nowhere...you just got scammed.
Scams are not going away but we can acquire good habits to change our behavior to keep us safe. Companies can help facilitate that.
Beyond the Check Boxes
Again...we’re skipping blame and we are helping to create trust by providing resources and training employees when they get scammed.
If someone is scammed, they will go through trauma whether it happens at home or at work, and some trauma can be similar to PTSD. You can use these three steps to help them:
If they can see something in themselves, they can change it. Most scam victims are scammed over and over because they didn’t address the root cause.
Create consumer awareness materials so people are aware of the sketchy situations that are happening. For example, putting wire fraud information in with a home buying disclosure statement.
Work with HR to create a benefits package that incorporates help when it comes to cyber security, like maybe a free month of credit report monitoring.
It’s a Culture Thing
In the real world, if we see danger on the street, we avoid it. We use our senses to spot trouble. We don’t have that in the digital world and the threats are always there. We don’t take as long to think online as we do in the real world.
We tend to put more trust than we should in complete strangers. Stranger Trust is putting trust into a stranger because they resemble someone we know and trust. We subconsciously feel a sense of obligation to them.
People also tend to seek information that relates to their own belief system. This is known as Confirmation Bias. If someone clicks on a link in a scam email, some part of them actually believes that link will give them confirmation.
We do what we are told and we do it as soon as possible. We are in a hurry, we are on mobile devices most of the time, and sometimes we click on things accidentally!
We live in a world where we are constantly moving and everything seems to have a sense of urgency. We respond with a knee-jerk reaction most of the time. Many scams can be avoided if we could just stop, think, and then make a decision.
Power to the People
While we are all analog people in a digital world, there are ways that we can think more effectively.
Building up advocates in your business who can offer support and help mitigate security risks is one way to help drive security awareness training. Give incentives.
People crave information. Tell stories that are relatable and emotional and provide actions people can take now in order to be safer online. Make it personal and incorporate what people are doing in their everyday lives.
Create an understanding within your organization that you are one big team and your employees are the best line of defense. Bosses...be up front with your employees that it is okay to call and check if that email is from you whenever there is even the slightest doubt.
Know Your Audience.
Think like a marketer. Marketers spend a lot of time researching people and their behaviors in order to craft messages that speak on a personal level. Speak in their language and make it a conversation without a bunch of geek language.
We are all on social media all the time whether it’s Facebook, Twitter, or LinkedIn, but sometimes the personal and the professional lines cross. Unfortunately, the scams are on social media sites as well. We as individuals, as well as companies, need to define what our responsibilities are when it comes to mixing work and play on social media.
Coaching - This approach can be done at every level and involves the training and mitigation of scams. Communicate it, train it, and have trusted people within the organization get on their soap boxes and advocate for it.
Social Media Policy - More and more companies are creating a social media policy at the HR level. Some industries are now requiring it. Of course, you would want checks and balances in place as well to ensure compliance!
It Takes a Village.
Bad things are going to happen. Educate people on what to look for and how to notify others. Create a community like a neighborhood watch to keep an eye out. This is a great place that someone can go to understand what happened and how to recover from it.
There is also a global scam reporting platform that provides live feeds to law enforcement agencies. Save this awesome resource from Any Scam here.
If you have the ability to help, you have the responsibility. Put in extra effort and walk others through it. It’s a journey.
The best asset and best line of defense is your people. They are NOT your weakest link.
Victoria L. Thomas - Cybersecurity Awareness, Marketing Communications