Eternal Vigilance? Come On! Get Real!

I’ve talked about the importance of awareness, caution, and paying attention. I’ve talked about the danger of opening attachments and clicking on links.

I’ve said that it takes just one mistake to compromise your computer or put you at risk. And I’ve suggested “eternal vigilance” as a way of guarding against that risk.

But how realistic is that, really?

We all have lots of concerns on our mind. And sometimes things catch our interest and attention unexpectedly. When the unexpected happens, we may “forget” what we know and act in the moment, without thinking.

None of us are perfect, and perfection in always paying attention is probably too much to ask. So, what do we do?

We probably will make mistakes. But, if we are at least trying to be aware and pay attention, it is more likely that we will be aware when we make that mistake, even if it is “too late.” Better to realize it late than not to realize it at all.

Even so, there are things we can do to reduce the number of times we make those mistakes. That is where awareness, caution, and “eternal vigilance” come in. If we are able to get that mastered, we will have few occasions where we make that mistake. And our risk is therefore much lower.

In my last post, I suggested to “do whatever it takes to keep yourself aware.” Today, I want to suggest some practical ways to do that. Even if you can’t be perfect at this, if you can master it so that you almost always pay attention, you are likely to have far fewer problems.

Trying to maintain awareness by sheer willpower is a losing proposition. Some people have excellent willpower, while others, not so much so. But everyone will, at one time or another, if circumstances are unfavorable, find their willpower isn’t enough, especially when it comes to maintaining “eternal vigilance.”

There is another way.

A much easier way.

For most of us, it doesn’t take too much effort to walk a few steps. It didn’t start out that way. Learning to walk was a challenge and we took some falls before we mastered it. But now, most of us don’t give it a second thought. We just do it.

The same goes for brushing our teeth, tying our shoes, and countless other activities that we engage in on a daily basis. These are habits. Good habits.

A habit is a behavior (mental or physical) that we engage in enough that it becomes essentially automatic, that we can engage in without giving it much thought.

What if were to develop habits that keep us safe online?

Initially, it may take willpower and effort to establish a habit. But, after time, once we have developed that habit, it becomes second nature. For example, if we develop the habit of always stopping to think before clicking on a link, it will become second nature to THINK before clicking on a link.

I said habits are activities that we engage in without much thought. But, now I’m suggesting we form a habit to think MORE about what we are doing. Isn’t that a contradiction?

What we want to do is to not have to think about remembering, but automatically include thinking as part of our computer routine. Instead of following the habit of clicking without thinking, we modify that behavior to include “Thinking before Clicking.”

picture of sign saying: Before you click that link, Stop and Think

Let’s look at another example. If you handle a gun, it is a good practice to always be aware of where the gun is pointed. You should ALWAYS be aware of where the gun is directed and never accidentally point it at someone.

Imagine you are at a gun show. You are looking at a weapon and, suddenly, the fire alarm goes off. Or maybe someone bumps into you. You look around. Are you paying attention to where the gun is pointed?

Or you are hunting (or target shooting) with friends. You are near a road and a passing vehicle backfires. As you swing around to see what is happening, are you sweeping the barrel of your rifle in the direction of your friends? Might you accidentally pull the trigger because you are startled by the sound of the vehicle backfiring a second time?

If you are holding a firearm, you should always be aware of where your gun is pointed. Swinging the gun around when something unexpected happens is a way that accidents happen. And those accidents can be fatal. The technique of handling a gun can become a habit, but it is important that you make sure you have also developed the habit of paying attention to where you are pointing it at all times while handling it. Always.

Likewise, there are some things in security, like clicking on links, that should include paying attention, if you want to avoid accidents. Training yourself to pay attention is best done through forming a habit of thinking, being aware, whenever you are handling your computer.

So, how do we develop a habit?

There isn’t time or space to completely cover that here. But I can at least offer tips to get started.

(For more on this, there are a number of good resources. One is a book by Charles Duhigg entitled The Power of Habit. The first part discusses habit formation. There are many other good resources available. As with security, there is also a fair amount of misinformation on the subject.)

Here are some principles to get you started (just some of many):

The easier the behavior, the easier to make it a habit. So, if you can keep it simple, it will be easier to establish it as a habit.

Emotion can be helpful in establishing a habit. If a positive emotion is associated with the habit, you are more likely to engage in it.

The more important it is to you, the more likely you will make it into a habit. If you can find a good reason to make it a habit, something that will truly motivate you, you are more likely to stick with it.

Providing a reward can help cement the habit in place. Rewards work better if they are on a random schedule. This means not rewarding every success, but doing so on an irregular basis.

A penalty (punishment) can be used in place of a reward. For example, having to pay a fine for not doing the habit activity can provide motivation to make sure you do it.

You have a better idea than I do of what is likely to work for you or motivate you. Come up with your own plan to create the habit you want to create. Then see how it works. If necessary, adjust your plan as needed until you find something that works for you, to develop the habit(s) you want to create.

Let’s consider the habit of not clicking on links until you consider if it is safe.

Let’s discuss possible ways to form the habit of thinking first.

In a previous post, I mentioned putting up a sign. That may be helpful for some of you. It can at least be a starting point.

Let’s say you check e-mail the first thing when you sit down at your computer. Suppose you get a piece of paper and write the following on it: “Before you click that link, STOP and THINK.” Now, tape that paper to the top of your monitor, so the paper covers the monitor. You can’t see the monitor until you flip the sign over. Alternately, you could lay the sign on top of the keyboard and mouse, so you can’t use them to open your e-mail until you move the sign.

That way, you are reminded to THINK FIRST, before clicking on a link. Of course, you will need to pay attention to the sign. If you just move the sign out of the way without thinking, it won’t help you.

picture of sign saying: Before you click that link, Stop and Think

The sign won’t be enough, all by itself.

But, suppose you make it into a habit to spend 20 seconds thinking about how hackers and criminals can trick you by getting you to click on a link. Do that every time you go to your e-mail program.

Here is the solution so far.

Step 1: The sign that you hang on your monitor will remind you to perform step 2.

Step 2: You spend 20-30 seconds thinking about how you can get tricked by a bad link and the bad effect it can have.

Step 3: You repeat step 2 EVERY TIME you are about the check your e-mail again, every time throughout the day.

You can create as many signs (or other reminders) to perform the habit (thinking before clicking) as you want. If you use a daily planner, you can add a reminder to your planner to practice this habit daily. Come up with as many ways to remind yourself to “do” your habit as are necessary to make sure you do it regularly.

Mail notification soundSome e-mail programs play a sound when you get new e-mail in your inbox. Some of them allow you to choose the sound that plays, or to change the default sound that plays, when you get new e-mail. So, if you are able to do that, here’s one that you could use.

Download Sound File (Right-click and “save as” to download.)

You could create or record your own sound to use.

Now, instead of “You’ve Got Mail” or some melody that plays, you hear “Before you click that link, Stop and Think!”

If you don’t know how to do that, you probably know someone that could help you set this up, if your e-mail program plays a sound.

 

Over time, AFTER THE HABIT IS ESTABLISHED, you can probably decrease the time spent on step 2 to a few seconds. And you may not need the reminder of a sign. But, to establish the habit, use every trick you can to make sure you are remembering to THINK before you open your e-mail.

There is one additional step. It is important to make sure the habit remains in place.

There are two parts to making sure you don’t “lose” that habit.

1) Monitor your success periodically. You could choose a particular day of each month to check up on yourself. You could put that on your calendar. It only needs to take a few seconds. Ask yourself if you have been consistently following the habit. If not, it is time to strengthen it or to recreate it.

2) Periodically strengthen that habit. If there is any weakening or slipping of your success in performing that habit, go back and repeat the steps the you used to develop it in the first place. Or come up with an alternate plan to make it stronger and to make sure it stays in place.

To summarize:

Sheer willpower isn’t going to work to make sure you never make a mistake in keeping safe online. Create good habits.

Decide on a simple, easy-to-follow behavior (physical action or mental thinking pattern) that results in your doing (or not doing) what is necessary to keep safe.

Create a reminder system to make sure you practice that behavior.

Create a reward for when you are successful. Variable rewards work best. For example, treating yourself after one week (or one month) of success. Alternately, a penalty for when you fail can work better for some people.

Once the habit has been established, make sure you periodically check on yourself to make sure you keep doing the habit. If necessary, strengthen or recreate the habit.

If you are trying this and your method doesn’t seem to be helping, go back to the beginning and try another way to create the habit.

Reward yourself / congratulate yourself once you have been successful.

Creating a new habit like this takes some work. But it is well worth it.