Cognitive Easy Living
As much diversity as we have across humanity, we're all still the same in important ways. Important ways that hackers love to exploit, but let's leave that alone for the time being.
Let's nerd down for a moment with a look at decision making frameworks. Then, we'll get to the real-world application.
System 1 and System 2
Human decision making can be broken down into two primary paths, often referred to as System 1 and System 2. These mental processes were identified and popularized by Nobel Prize-winning economist Daniel Kahneman in his book "Thinking, Fast and Slow."
Our brains leverage System 1 for quick, intuitive decisions. System 1 thinking requires low effort, low mental stress. These would be things like tying your shoes, driving down an empty road or answering the solving for 2 + 2.
On the other hand, System 2 thinking is slower and more deliberative. Our System 2 brains are engaged when System 1 recognizes that additional thought is necessary. This includes things like solving challenging math problems or driving to an unfamiliar location.
So let's jump into how this applies to all of us IT geeks.
System 2 and Cognitive Strain
When it comes to the work day, we'd all like to spend our energy on productive things. Every manager would certainly like that for their employees.
Ok, thanks for stating the obvious, right?! So where does Cybersecurity Awareness Training come into play? We'll get to that in just a moment.
Engaging our System 2 thinking causes cognitive strain. It's mental work, and it also has physical manifestations. This drains energy. Clinical studies in this realm show that activating our System 2 brain leads to tense muscles, higher blood pressure and increased heart rate. You'll even notice dilated pupils while exerting System 2 effort.
So how do we cut down on the System 2 thinking required to stay safe online?
TL;DR: we train staff in safe online behaviors.
Making safe behaviors the routine allows your users to avoid having to engage System 2 for every tricky potential phishing email. Studying every link and digging into email headers takes a lot of time and energy.
This isn't to say that you shouldn't teach your users on all the facets of risky links, emails and attachments. This is critical. But this should be aimed at replacing the cognitive strain of System 2 thinking with the ease of safe behaviors.
This is exactly what INFIMA does.
Rooted in Behavioral Science, INFIMA focuses on removing unsafe behaviors in your team and replacing them with consistent, safe practices. Through regular phishing simulations, your employees experience varying tests across multiple emotional states.
And the best part - we make it easy with our fully automated Security Awareness Training platform, built for the MSP community.
If you're an MSP and want to learn more, go check out how we work with Partners here. If you like what you see, book a time to chat!
Photo by S Migaj on Unsplash