Security Awareness News | ThinkCyber

How To Shape Your Security Identity | ThinkCyber

Written by ThinkCyber | 24-Oct-2024 05:00:00
 
 

Introduction

When we hear the word “identity” in the world of security, we may think of identity management. However, identity can take on a whole new meaning when it comes to security communications.

In this context, it can relate to encouraging individuals to own specific security roles within the organisation. This can be achieved by allowing people to claim a desired identity by turning their actions into an identity.

 

Framing Actions as Identities

We can shape the actions of others and improve behaviours by turning their actions into identities. This can be achieved by naming a verb or turning it into a noun when referring to an individual's actions.

For example, instead of saying, “Nina leads security awareness training”, try “Nina is a security awareness leader”. By framing a person’s role as an identity, you make it feel more significant and long-lasting, creating positive change within their security behaviours. During an interview with Professor Michael Norton, professor, author, and viral marketer Jonah Berger discussed how turning actions into identities can motivate people to take action. This is because their actions can be seen as an opportunity to claim a desired identity. By framing security tasks as identities, security leaders can encourage people to take ownership and feel more connected to their role in protecting the organisation.

During an interview with Professor Michael Norton, professor, author, and viral marketer Jonah Berger discussed how turning actions into identities can motivate people to take action. This is because their actions can be seen as an opportunity to claim a desired identity. By framing security tasks as identities, security leaders can encourage people to take ownership and feel more connected to their role in protecting the organisation.

 

Questions and Identity 

Including identity-related questions within your security comms materials is also an effective method to help build the security identities of your team members. For example, instead of asking, “Do you report phishing emails?” try, “Are you a phishing reporter?” While subtle, this shift in language can make a big difference in how people view their role within the organisation’s security efforts. It shifts their perspective from a task they perform to an identity they can embrace.

When people are given the chance to claim an ongoing identity within the organisation, they can feel a sense of purpose and belonging. They feel like part of a community, which can make them more engaged and proactive in their actions.

Equally, by showing someone that they are competent in their security role, whether it’s being a “phishing reporter” or “security awareness leader”, helps boost their confidence. This sense of identity can strengthen their commitment to security, benefiting the entire organisation.

 

Time to Try it Yourself!

Take a moment to evaluate your existing security communication style. Are you giving the people within your team a sense of identity in your security awareness comms? Challenge yourself and see if you can create different security identities for team members. Doing so will help empower your people and improve their confidence and ability in their security role.

Stay tuned for the last blog in the series, where we’ll explore the importance of timely interventions within your security comms strategy. We’ll dive into the importance of nudge theory and consistency to help improve your team's security behaviours.

In the meantime, you can find the previous blog in the series  "Strengthening Security Behaviours by Asking the Right Questions"

 
View full post