I remember when we got our first computer. I was 13-year-old. Although in my mind it looked like a Macintosh, it was a second-hand computer like the ones you saw at the doctor’s practice. At that time, it felt exhilarating to have an electronic device at all! The firewall function was something I remember vividly. Security updates took a very long time back then! A decade later, so much has changed and evolved. Firewalls are even more sophisticated, using the latest disruptive technology to control access and manage wanted and unwanted data infiltration.
Wait, Nadja, remind us of what a firewall is and does, please?
“A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Firewalls have been the first line of defense in network security for over 25 years. They establish a barrier between secured and controlled internal networks that can be trusted and untrusted outside networks, such as the Internet.” CISCO
Why should I care? We have some of the best firewalls in the world already!
Social engineering is the art of psychological manipulation to trick users into making security mistakes or giving away sensitive information.
“Cyber-criminals conduct social engineering attacks by manipulating people in ways that result in the perpetrator gaining access to property or information that they should not be privy to. Their tactics might include persuasion, impersonation, or even intimidation. Perpetrators may deploy social engineering tactics through several different types of cyber-attacks, such as phishing emails, fraudulent online offers or prizes, or telephone scams”.
The fact is no technology in the world can prevent social engineering attacks. Mitigation is about people and behaviors, and most find security complicated and see it as an obstacle in their everyday life.
The question becomes, how do we build human firewalls in a time where people are swamped with digital overload, economic anxiety, emotional pressure, and new ways of working that were forced upon them during a pandemic? By building emotional firewalls and foster emotional resilience and mental alertness.
Excuse me, emotional what? Let me explain through the art of storytelling!
How you can build emotional firewalls across your workforce
Meet Karim, Karim is a Chief Information Officer (CISO) at company Social Inc. Social Inc. has around 3000 employees, with 80% working remotely across three different countries. Social Inc. is a traditional organization and relies on centralized decision making and is big on hierarchy. Despite its conservative culture, Social Inc. cares about its employees, and they believe in the power of a healthy organizational culture. They want people to feel excited when coming to work. That is until COVID-2019 kicked in and disrupted their workforce.
Karim’s life became even busier as they quickly had to set up secure remote systems with secure connections and security training. He and his team worked around the clock for the first three months to ensure minimum damage to the company’s networks. His cyber experts became mentally and physically exhausted as they were always under attack by cyber hackers. The stats showed cyber breach attempts every minute, and although they had the technology to help, it became unsustainable. Things got worse as employees refused to take cybersecurity training seriously. At least that was Karim’s perception.
“If people would use their common sense and implement cyber hygiene practices! How difficult is it to install updates and think twice before you act on an email that tries to scam them?
His CEO does not seem to care that much. In his view, they are managing well so far. He keeps in close contact with the risk management department, and he feels he is paying Karim and his team enough money to do their job.
What Karim does not see is that Patrick, the CEO, deep down feels overwhelmed himself. He does feel the impact of cybersecurity, and it scares him at night. Yes, they have adequate insurance, but how long before his personal reputation and corporate image will be affected? How long before he starts losing trust and confidence of his board members and customers due to a major breach? How long before he gets scrutinized and fined due to regulatory sanctions?
For now, he has a lot on his plate. His priority is to keep the company operating in an age of pandemic; inaction prevails.
He urges Karim to figure it out with the HR department. They have a budget for training people, so he asks him to develop new training solutions and reduce the risk and impact of social engineering attacks.
“If people are the leading cause for your nightmares, Karim, then do something about the people!”
Easier said than done, Patrick…
The epiphany and turnaround when we join forces
Karim sets up a meeting with Mia, Social Inc’s HR director. Mia is the ever optimist and seems to look at everything with a new, creative, and positive lens. She begins the meeting with Karim by pitching her idea on further cyber education and training through emotional intelligence.
Karim starts laughing, not because he thinks it is funny, but because he thinks his life could not worsen. Is she serious? Emotions?
“I hate to break it to you, Mia, but so far, all of your soft skills training only attracts 30% of our employees because most of our employees are men. Men who believe emotions are not for the workplace. Men who don’t believe feelings matter when solving cybersecurity issues. And most of the women actually feel the same. They are trained to be rational problem-solvers and decision-makers. They are experts in using their analytical minds, not their emotions! And you are telling me you want to have them in their feelings? How is this going to work? Please enlighten me! “
Luckily Mia feels very comfortable in her own skin and does not take things personally. She smiles and explains to Karim her plan.
“Karim, let’s look at this from another perspective. The perspective about the problems we face. First of all, we face remote productivity and engagement levels below 11%, which directly impact our turnover and profit that are plummeting. Second, phishing attacks have increased by 300% in the past year. Cyber hackers use emotional manipulation to target our employees. Some of them are resilient, mentally alert, and don’t fall prey. But most of them are influenced by their mood – emotions! Distractions, stress anxiety, and pressure are a breeding ground for human error. Finally, people are fed up with more boring security training and regulations. You know that 45% of our people don’t take the training. And 30% of those who do still click on malicious links!
So we need to approach this in a win-win situation, a dual-track approach!
People may not get excited to do boring security training, but what if you can help them increase their engagement, stress tolerance, and resilience levels? Train them to communicate and learn new ways of working online while using simulations and creative exercises to improve cyber hygiene?
People need stress relief and have some fun while they are at it. It is common knowledge that when people experience more positive emotions, they use a significantly higher portion of their brain capacity. When they feel stressed-out and tired, their survival mode is on. Their response options are based on fear. So even the most rational person under chronic high pressure can fall for social engineering attacks!”
A new approach, a different outcome
Karim seems half convinced. Mia triggered his curiosity, and so they agree to run a pilot training. They surveyed the manager’s emotional intelligence levels*, simulated social engineering attacks, and used various role play and creative exercises to practice building emotional firewalls. Some participants even loved to play the cyber hacker, and people felt how easy it is to fall when we don’t have emotional firewalls.
Within six months, human error saw a decline of 30%, remote productivity and engagement went up by 40%, and Karim’s life became more manageable. He and his team understood now how to manage and leverage their emotional intelligence to be more alert and less tired when mitigating cyber breaches. They become more effective and less drained by their work!
When they ran a survey with the participants of the training, the findings were shockingly surprising. People learned new coping mechanisms on how to manage their work-life balance in the new environment. They developed more empathy for their colleagues and managers while working online. They become more focused and less distracted. And guess what? They did not fall as quickly as they used for emails that looked credible but were after something else.
If you resonate with this story, let’s connect and discuss how we can help you turn things around in your organization. It is our mission to focus on what we do best: helping organizations build emotional firewalls across their workforce in an increasingly digitized world!
Schedule your Call
Emotional Intelligence (EI) is a set of emotional and social skills that influence how we perceive and express ourselves, develop and maintain social relationships, cope with challenges, and use dynamic information in an effective and meaningful way. I work with the scientifically validated markers from the EQ-i 2.0 Model: self-perception, self-expression, interpersonal relations, decision-making, and stress management. The EQ-i 2.0 model allows participants to understand how their emotional intelligence impacts their workplace performance (conflict resolution, change management, teamwork, decision making, and more) with strategies customized based on individual survey results.