Three Motivations of Bad Cybersecurity Hygiene

Do an experiment for me.

Step 1 – Over the next 24 hours, ask 3 different people for their top 5 tips, suggestions, or ways to practice cybersecurity hygiene.

Below are the 5 common responses I received.

• Making passwords complex and not to reuse them
• Not to store passwords or credit card information in the browser
• Never click a link in the email without first checking its source
• To always opt for multi-factor authentication wherever offered
• Never share sensitive information over the phone or via email

Step 2 – Ask which of these have they not practiced themselves?

No matter who we are, we all fall prey to the three motivations of bad cybersecurity hygiene. Even though we know better, we don’t always put it into practice (me included).

Step 3 – Ask “Why not?”

Many will say, “I don’t know”. But if you push a little more for an answer, you'll discover their replies can be categorized under – Convenience, Fear or Greed.

Understanding human behaviors and motivations (why do people do what they do) are a big part of effective risk management. As a risk manager, you can then appropriately allocate resources and build defenses around your employees' habits, strengths & weaknesses.

That said, from the list above, how many are you a culprit of? What was your motivation for not doing them?