How can non-technical leaders contribute to cyber security?

November 10, 2017 7:45 am

Whether you consider yourself or your business vulnerable to cyber security or not, no business leader wants to face the consequences of a breach.

Some of the recent high profile cyber attacks have been shown to rely on social engineering as much as they have on technology.  For example, a single employee unsuspectingly clicking on the wrong link can result in the introduction of malware ultimately contaminating the whole network. Moreover, this often occurs without any indication that the system has been compromised until months or even years later.

Many leaders do not realise that the workplace culture impacts a person’s (and therefore the business’s) propensity to being scammed/phished.  Culture influences overall mindset towards cyber security as well as employee’s ability to focus their attention on what they are doing, think deeply and make good in-the-moment decisions.

tim-gouw-167127Brain-science has shown that aspects of most common work environments may inadvertently exacerbate flaws in the way we process information and make decisions, opening us up to hacks and scams.

In some ways, online scammers are not that different today from the fraudsters of the past, relying on the fact that we all use mental heuristics (shortcuts) to process day-to-day decisions such as:

  • Reciprocity – if someone gives us something, our biases is to give something back
  • Conformity – if someone in a position of authority asks us to do something, we are more likely to do it
  • Belonging – if someone we know or identify with endorses something, we are more likely to go along with it

These particular shortcuts exist because we are highly social beings.  Over many generations we have evolved ways of working with other people that are efficient so we don’t have to use precious brain energy for every little decision that needs to be made throughout the day.  Scientists have found that the more quickly/automatically we respond to requests, the more likely we are to be using some type of heuristic to inform us how to respond.  Similarly, the more distracted or overloaded our brains are the more we rely on mental shortcuts to quickly get things done.

Think about how this plays out at work.

stefan-stefancik-257625Much of the time when we are on our computers we are multi-tasking, under time pressures and dealing with information overload.  This is the ‘perfect storm’ to increase our reliance on mental shortcuts (biases) rather than carefully thinking through the implications of our actions.  Scammers often further exacerbate this situation by creating a sense of urgency.  Urgency takes up lots of brain processing power at the expense of deeper more reflective processing, making us even more likely to react rather than think deeply and consider all the possibilities or implications of our actions.

Likewise, research shows that fatigue, conflicting goals, mental/physical stress or even feeling the threat of negative social judgement impacts the probability that we will not apply our full brainpower to make what seem like routine decisions.

There are many things leaders can do. First and foremost, cultivate a psychologically safe environment.  Specifically, ensure people:

  1. Are clear about expectations (reduce conflicting demands and ambiguity)
  2. Have adequate resources and time to carry out responsibilities
  3. Are supported to question/challenge
  4. Do not feel a constant sense of threat

The same conditions that underlie high engagement also contribute to people being able to ‘think more clearly and deeply’ and therefore reduce the risk of employees being ‘tricked’ by scammers taking advantage of the natural mental biases that are more likely when people are working in conditions of uncertainty, stress and anxiety.

The focus for cyber protection is typically on the technology, but company culture is another avenue for impact.  Healthy culture is an area that all leaders – at all levels – can make an important contribution.

Want more practical BrainWise tools?

Connect with us by signing up for our newsletter or get in touch directly to learn more about our workshops, digital solutions and other services.

Dr Connie Henson, author of BrainWise Leadership, designs change leadership programs informed by the latest neuroscience research through her company Learning Quest. For information, email, call 0410 598 585 or visit  Follow on twitter @LearningQuest

Leave a Reply

Your email address will not be published. Required fields are marked *