Using Influence Strategies to Improve Security Awareness Programs
By Alyssa Robinson
Even companies with extensive, well-funded security awareness programs fall victim to attacks involving phishing, weak passwords and SQL injection, presumably the primary targets of user education. Either their users don’t have the skills to avoid these pitfalls, or they lack the motivation to apply those skills. Psychologists and other social scientists have studied the roots of effective behavioral change and have solutions to offer. By exploring personal, social and environmental sources of motivation and ability, security awareness professionals can attack the problem from multiple sides and give users both the ability and the will to make necessary changes.