Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Building a Security Culture With Behavior Design

    Anyone who has run security awareness programs for a while knows that changing human behaviour is not an easy task. And that sometimes the problem with awareness is that "awareness" alone does not automatically result in secure behavior.

    Let’s look at the challenge of building a security culture through the lens of behaviour design. BJ Fogg’s much-quoted behavior design model neatly outlines that behavior happens when three things come together at the same time: 

     

    Motivation, Ability, and a Prompt which could be a reminder or a nudge to do the behaviour. 

    Motivation

    Fogg’s Behaviour Model highlights three core motivators: Sensation, Anticipation, and Belonging. Each of these has two sides: pleasure/pain, hope/fear, acceptance/rejection. These core motivators apply to everyone; they are central to the human experience.

    Let's try apply these to cybersecurity: 

    • Tapping into people’s emotions by using visually appealing content, engaging with humour and story-based techniques, and activating positive sensations. 
    • Fear can be a powerful motivator too. Show what could happen when. But too much of it can result in apathy and needs to be underpinned with the notion that it is simple to defend.
    • Using the power of leadership or celebrity to tell stories and invoke a sense of belonging. 
    • Making it personally relevant by providing information on how to protect kids or family members 

    Caveats: Humour is a great technique to grab people’s attention, evoke positive emotions and help with memory retention. However it has to be applied carefully and with a sensitivity to the audience's cultures, else it can backfire. Also, it shouldn’t be used too much, as it could result in the audience not taking the core message seriously enough. 

    Ability

    BJ Fogg says that training people is hard work, and most people resist learning new things. That’s just how we are as humans: lazy. Give someone a tool or a resource that makes the behaviour easier to do. A great example is a password manager. This is a tool that takes care of desired behaviour and simplifies the complexity of having to remember multiple different passwords. 

    Prompts 

    The concept of prompt has different names: cue, trigger, nudge, call to action, request, and so on and they all have the purpose to remind and tell people to "do it now". A good example are the password strengths meters reminding people to come up with better passwords as and when they create them. 

    When designing an awareness campaign, it’s important to consider where prompts may be used. For example, in the moment nudges, such as when users look at emails while on the go or when they are about to send a large file to someone externally.

    When it is possible to combine the three elements of motivation, ability and prompts, changing behaviour is a much more likely outcome than just spreading awareness content and hoping for a result. 

    Stay up to date on the rest of this evangelist series to help keep you and your users safe during Cybersecurity Awareness Month and beyond!

     

    Return To KnowBe4 Security Blog

    Get Your Free 2023 Cybersecurity Awareness Month Resource Kit

    Cyber threats can be scary, and for good reason. Malware can be lurking in a suspicious email your users get convinced to click. All it takes is one crack in the door of your network to let all the wrong ones in; spear phishing witches, ravenous ransomwolves, you name it! We've put together these resources so you can keep your users on their toes with security top of mind. Request your kit now to help your users keep up their cybersecurity defenses. Request your free resource kit now!

    2023 Free Cybersecurity Awareness Month Resource KitHere's what you'll get:

    • Access to free resources for you including our most popular on-demand webinar and whitepaper
    • Resources to help you plan your activities, including your Cybersecurity Awareness Month User Guide and Cybersecurity Awareness Weekly Planner
    • NEW! Featured video module for your users: "Security Culture and You;" plus eight additional video and interactive training modules, all available in multiple languages
    • NEW! Four security hints and tips newsletters; plus additional security docs and awareness tips, all available in multiple languages
    • NEW! Five cyber-monster character cards and posters; plus additional posters and digital signage assets available in multiple languages

    Get Your Free Resource Kit Now!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/cybersecurity-awareness-month-resource-kit 

    Topics: Security Culture, Cybersecurity Awareness Month

    Anna Collard

    ABOUT ANNA COLLARD

    Anna Collard is the SVP of Content Strategy & Evangelist for KnowBe4 Africa where she drives security awareness across the African continent. She has been working in the cybersecurity field as a security architect and consultant for 18 years, where she has assisted organizations across South Africa, Europe and the U.S. Collard founded security content publisher Popcorn Training, which was acquired by KnowBe4 in 2018. A few of her specialty areas include security awareness best practices, changing cybersecurity cultures, and women in tech.

    Read more from Anna »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews