How Storytelling Makes Cybersecurity Culture Stick

Your office walls may be full of best practices – "Keep your data protected in 5 easy steps" - and rules – "Before leaving the office: 1. Clean your internet history, 2.…" – yet many companies still fall victim to cyber attacks, while unencrypted laptops and memory sticks are getting lost all the time.

If best practices and rules are letting you down… don’t panic! The right solution might be easier than you think.

The Power of Storytelling

Do you recall learning about not taking candies from strangers? I’m sure it wasn’t just because your parents told you not to. More likely, and how I remember, this lesson came from hearing the tale of Snow White. That evil witch still haunts me today!

By nature, our brains are far more engaged by storytelling than by plain facts, which only affect the language parts of our brains. Reading a story, however, involves more of your senses, as well as the language part. Other parts of the brain become activated as if we were actually experiencing the story. Simply put, stories stick better than rules.

3 Tips for Creating a Cybersecurity Story That Sticks

When hearing topics about cybersecurity, people tend to tune out – they may think cybersecurity is too boring, too complicated or just not for them. And so cybersecurity and storytelling are a perfect match.

The objective of storytelling is to turn an otherwise complex idea into something easy and approachable, while also creating an emotional bond to be captured and retained by our brains.

But, how do we make “boring” data become powerful and engaging stories? In other words, how do we make cybersecurity stick? Here are 3 tips:

#1 - Make it real
Cyber is often misperceived as not real. It’s just so intangible – right, it’s virtual! So let’s make cybersecurity more “real” by comparing it to common everyday activities. Think about it… we can better relate to encryption when it’s explained in terms of locking your doors or keeping your valuables in a safe. For example, see how we compare cyber hygiene to more familiar dental hygiene.

#2 - Discover the child in us
You’ve heard it many times before – we all have that inner child. So, let’s bring it out! Take a well-known fable and make it yours. Read how Ali Baba replaced “Open Sesame” with a stronger and more memorable password. Or imagine your own characters and stories … malicious viruses are spreading and threatening to conquer our planet. Tell your kids why they should become the next Cyber Avenger!

#3 - Leave them laughing or crying
As we know, stories touch many parts of our brain – making us laugh or cry. Transforming plain facts and dull technical details into humanized experiences will help you create emotions and establish a bond between you and the audience. Computer processes, software programs and best practices can be explained in terms of natural behaviors, daily tasks and even babies and cat videos! Have you realized that encryption can be as easy as smiling? 

Don’t Forget the Bad Guy

Before telling your creative new story, there’s just one last question: Did I include a villain?

Villains are an essential part of any good story. The reason is really simple: they help people understand threats. Not knowing or understanding threats reduces the importance of our actions, as well as decreases our ability to see, respond and protect from menacing attacks.

And that’s why best practices and rules are often not enough on their own. In order to achieve and spread a culture of cybersecurity, key rules, best practices and stories must all complement each other.

Beyond that, surely nothing beats practical hands-on experience. But that’s another story – and another blog.

This post originally appeared as part of a guest blog on StaySafeOnline.org, the website of the National Cyber Security Alliance, and is republished here with permission of NCSA.