How Storytelling Makes Cybersecurity Culture Stick
Oct 12, 2016 5:32am
Your office walls may be full of best practices – “Keep your data protected in 5 easy steps” - and rules – “Before leaving the office: 1. Clean your internet history, 2.…” – yet many companies still fall victim to cyber attacks, while unencrypted laptops and memory sticks are getting lost all the time.
If best practices and rules are letting you down… don’t panic! The right solution might be easier than you think.
The Power of Storytelling
Do you recall learning about not taking candies from strangers? I’m sure it wasn’t just because your parents told you not to. More likely, and how I remember, this lesson came from hearing the tale of Snow White. That evil witch still haunts me today!
By nature, our brains are far more engaged by storytelling than by plain facts, which only affect the language parts of our brains. Reading a story, however, involves more of your senses, as well as the language part. Other parts of the brain become activated as if we were actually experiencing the story.
Simply put, stories stick better than rules.
3 Tips for Creating a Cybersecurity Story That Sticks
When hearing topics about cybersecurity, people tend to tune out – they may think cybersecurity is too boring, too complicated or just not for them.
And so cybersecurity and storytelling are a perfect match. The objective of storytelling is to turn an otherwise complex idea into something easy and approachable, while also creating an emotional bond to be captured and retained by our brains.
But, how do we make “boring” data become powerful and engaging stories? In other words, how do we make cybersecurity stick? Here are 3 tips:
Don’t Forget the Bad Guy
Before telling your creative new story, there’s just one last question: Did I include a villain?
Villains are an essential part of any good story. The reason is really simple: they help people understand threats. Not knowing or understanding threats reduces the importance of our actions, as well as decreases our ability to see, respond and protect from menacing attacks.
And that’s why best practices and rules are often not enough on their own. In order to achieve and spread a culture of cybersecurity, key rules, best practices and stories must all complement each other.
Beyond that, surely nothing beats practical hands-on experience. But that’s another story – and another blog.
About the Author
Michael Waksman is the CEO of Jetico, a company that provides pure and simple data protection software for National Security, Compliance and Personal Privacy. Jetico's BCWipe wipes selected files beyond forensic recovery such as in response to classified data spills, while BCWipe Total WipeOut can erase hard drive data entirely such as for disposal or decommission. To protect stored data, Jetico's BestCrypt delivers compliant data encryption software for whole disks, virtual drives and selected files or folders.