Right this very minute, a hacker could be trying to get into your computer. According to a University of Maryland study, such attacks happen every 39 seconds. They can happen at any time and hit anyone.
Victims of cyberattacks can range from individuals and families to corporations and governments, with impacts including financial loss, job loss, data leaks and even service disruptions that can cost lives.
In short, says Dr. Marc Dupuis, there鈥檚 a lot to fear when it comes to cybersecurity. Whether fear is useful or ethical as a tool for combatting digital threats is a topic that holds great interest to him.
鈥淚t鈥檚 safe to say we all want to improve our cybersecurity from a personal, organizational and national security perspective,鈥 said Dupuis, an associate professor in the 糖心vlog视频鈥檚 School of STEM. 鈥淗owever, is the use of fear and other negative emotions the most effective and ethical way to accomplish this goal?鈥
Dupuis will be speaking on the topic: 鈥淐ybersecurity: Is Fear Counterproductive?鈥 in an at McMenamins Anderson School in Bothell, Washington, on March 25 at 7 p.m. Beyond considering the utility of fear, he鈥檒l also be providing advice on how to stay safe in the digital landscape.
The human element
While technologies to protect against cyberattacks are constantly evolving alongside those that enable them, human error remains the greatest threat to cybersecurity. According to the Cybersecurity and Infrastructure Security Agency, more than 90% of successful cyberattacks begin with a phishing email.
This social and human element of cybersecurity is what first attracted Dupuis to the field, he said. 鈥淚 was always curious how these perfectly smart, intelligent, reasonable people could have this happen to them. What causes people to fall victim to these social engineering tactics?鈥
Now an expert on the topic, he understands the seeming impossibility of navigating the minefield of the internet 鈥 and has even experienced it firsthand.
In a cybersecurity camp held for seventh to 12th graders over the past several years, Dupuis does an exercise where he asks the students to 鈥渟pear phish鈥 him, sending phishing emails that directly target him.
鈥淚 know it鈥檚 coming, and I鈥檓 an expert,鈥 he said. 鈥淎nd while they are still newly trained, they are still so good that there were some emails I really didn鈥檛 know if they were legit or not.
鈥淪o, when you think about the average, everyday person with all their work and all these distractions and everything else, and they get an email that appears very reasonable, of course they鈥檙e going to click on it here and there.鈥
Many faces of fear
Apart from the fear induced by the inherent risk of cyberattacks, fear is also a tool weaponized by hackers to instill a sense of urgency and a need to click on an email, despite uncertainty about its source. To the untrained eye, email subject lines that threaten negative consequences for an unpaid parking ticket or a bank notification alerting you to a possible fraud attempt can be hard to ignore.
Fear and other negative emotions are also often used by organizations to garner compliance from their workers to prevent cyberattacks, threatening possible punishments and even job loss for failure to comply.
It remains a topic of debate whether this tactic is worthwhile, Dupuis said. 鈥淎 lot of times we intuitively think that scaring people is going to be effective, and there鈥檚 some research out there to support that. But more recently, and in subsequent studies, we鈥檙e actually finding that the opposite may be true.鈥
In analyzing other fear-based programs 鈥 such as Scared Straight, a program aimed at keeping juveniles out of prison, and similar programs targeting teen pregnancy 鈥 he found that early studies indicated some short-term success.
When the more long-term impacts of these programs were studied, however, researchers found that the participants actually had an increased likelihood of becoming incarcerated or experiencing teen pregnancy.
Fear at bay
One of the biggest downsides to fear as a prevention measure, Dupuis noted, is that it can stifle a tool that truly can make a difference: open communication.
鈥淔ear doesn鈥檛 really create an environment where people feel comfortable coming forward if they have made a mistake or if they鈥檙e uncertain about something,鈥 he said. 鈥淚nstead, it creates animosity and can create a power dynamic that isn鈥檛 really healthy. It doesn鈥檛 work long term, and it doesn鈥檛 make people want to work to support the organization.鈥
The same is true for families, he added. When parents foster a supportive environment where their children feel comfortable approaching them with problems, they鈥檙e able to better prevent and overcome those issues.
鈥淐ommunicating openly is one of the most powerful things you can do,鈥 he said. 鈥淲hether it鈥檚 a family setting or an organization, the more you create a culture and an environment in which people feel comfortable coming to you with questions, the better off you鈥檒l be.
鈥淐yberattacks can happen to any of us, no matter how sophisticated our malware protection or our cybersecurity training is,鈥 he said. 鈥淪o I think it鈥檚 important that we have more grace with people and be reasonable about what the everyday person can do in these scenarios.鈥
“The more you create a culture and an environment in which people feel comfortable coming to you with questions, the better off you鈥檒l be.”
Dr. Marc Dupuis, associate professor, School of STEM
Armed with knowledge
Of course, knowledge is also paramount to personal and organizational cybersecurity, Dupuis said.
If people don鈥檛 know what they鈥檙e looking for, they won鈥檛 know how to prevent it. As opposed to just providing instructions on what not to do, he noted that providing actionable steps people can do is even more effective.
鈥淥ften the biggest predictor of behavior is self-efficacy,鈥 he said. 鈥淚f someone believes they can take action, they鈥檙e much more likely to do it. It鈥檚 about being proactive, not waiting in fear for something bad to happen but also not waiting until something bad happens to try and protect yourself.鈥澛
Here are Dupuis鈥 top four tips to incorporate at home:
- Backup your important and sentimental files 鈥 ideally in multiple locations.聽聽
- Keep your anti-malware software up to date.聽聽
- Use a password manager.聽
- Use a virtual private network, especially when using public WiFi networks.聽聽
For more information and to get tickets to Dupuis鈥 talk, visit the . For additional tips and training and other resources, visit .
