New Year, New You: Mastering Cyber-Fitness with Proven Habit-Building Strategies

Show Notes

Kick off the new year with us as we launch our 'New Year, New You' campaign, tailored to infuse cyber safety into your daily habits.

We're excited to share our lineup of engaging activities to bolster the Yale community's cybersecurity awareness. We've got your back from the highly anticipated 21-day Cyber Habit Challenge to our practical workshops and self-paced activities.

We've also drawn inspiration from two bestselling books about habits -  BJ Fogg's "Tiny Habits" and James Clear's "Atomic Habits". Our goal is to help you build and maintain cyber-safe practices both at Yale and in your personal life. Listen in as we unravel the struggles of sticking to New Year's resolutions - usually too lofty and unrealistic -  and the nuances of realistic habit formation.

As your Bee Cyber Fit podcast hosts, we bring our personal stories to the table, discussing how even simple tools like a timed water bottle or calendar reminders can become powerful prompts in habit building.

We also touch upon the crucial topic of ransomware, breaking down its mechanics, and the peril of succumbing to cybercriminals' demands. Tune in for actionable steps to keep your digital life secure, including the importance of backups, system updates, and the power of cautious clicking.

Our conversation wraps up with a reflection on how anchoring new cybersecurity habits to existing routines can lead to a more secure and fulfilling year ahead. Join us for this informative session that promises to enlighten and empower you in the cyber realm.

********
Calls to Action:

Ready to join us and build your cyber muscles? 

Here are three simple actions you can take:

1. Sign up for the 21-Day Cyber Habit Challenge. It starts February 1 but the Yale community can register at any time during the month.
2. Weigh in with your feedback - complete our annual cybersecurity awareness survey. Your opinion matters and your insights will help shape our cybersecurity awareness program in 2024 and beyond.
3. Compete in our cybersecurity awareness trivia challenge. 

Learn more about Yale Cybersecurity Awareness at cybersecurity.yale.edu/awareness

Never miss an episode! Sign up to receive Bee Cyber Fit podcast alerts. 

Transcript

Wendy: Welcome to the Bee Cyber Fit podcast, where we're simplifying cybersecurity for everyone, where we cut through confusing cyber speak and make cybersecurity simple and easy to digest. I'm one of your hosts, Wendy Battles. 

 James: And I'm James Tucciarone. Together, we're part of Yale University's Information Security Policy and Awareness Team. Our department works behind the scenes to support Yale's mission of teaching, learning, and scholarly research. 

 Wendy: Ready to get cyber fit with us? 

 Hey everyone. Welcome to another episode of the Bee Cyber Fit podcast. We're excited you're here and hope you're ready to get cyber fit with us. If you're a new listener, welcome aboard. This is the place to come for information and some inspiration to stay safe online and outsmart cybercriminals. This podcast is one of the many tools in our toolkit that we use at Yale University to help our faculty, staff and students build their cyber muscles. James, Happy January, Happy New Year. It's good to be back in the studio with you. And I have to ask, how were your holidays? 

James: Happy New Year. I really enjoyed the recess. I especially appreciated some time to relax and catch up on my to-do list. Wendy, what about you? 

Wendy: Hmm. Me too. It was really nice. I was fortunate to have a little getaway before the holidays in Mexico. That was awesome. And you know me, I love my beach time. And then quality time with family and friends. I'm definitely back feeling refreshed. 

James: Me too. I can't believe it's already 2024, and I'm really excited for the year ahead. But then again, I think I say that [Wendy giggles] every year, but we do have some really cool things planned for this year, wouldn't you say? 

Wendy: Absolutely. And I can't wait for us to talk about them today. I don't think there's anything more powerful than starting off a New Year with refreshed habits, and especially James, ones that actually stick. Yet, getting habits to stick is so hard, I really struggle with that. I know from experience, I'm guessing other people listening might be in the same boat too. Today, we're introducing our New Year New You campaign to help you start 2024 in cybersafe ways. We're taking a deep dive into two excellent books about forming habits, and we'll talk more about our cybersecurity awareness plans for the year too. But first, let's find out about our Buzzword of the Day, ransomware. 

James: What would you do if you lost access to your device or to all your files? Or, worse yet, what if a cybercriminal locked your data and demanded payment for you to regain access? Stay tuned to find out how cybercriminals use ransomware to do just that, and how we can avoid falling victim to these attacks. 

Wendy, I don't know about you, but I really appreciate the beginning of a New Year because it's the time we launch our New Year New You campaign. We have a bunch of different learning activities and events for the Yale community to take part in. Our goal is to help Yale start the year on a cybersafe foot by offering engaging opportunities to build or enhance our cyber habits. 

 We have some self-paced activities, workshops, and our annual awareness survey where folks can weigh in with their opinions and ideas about our awareness program. One of the things though that I'm most excited about is our 21-day cyber habit challenge that starts on February 1st. 

Wendy: Oh, James, me too. I cannot wait. It's such a great way to get dialed in about cybersafe behaviors at the beginning of the year. Plus, to be honest, there's something about New Year's resolutions that never seem to work for me. I get started, and then after a while, which sometimes, honestly, is not that long, I usually fall off the wagon back to my prior behavior, like eating too much. My biggest disappointments typically fall in the categories of healthy eating and exercise. Yet, overall, I'm a healthy person, but to take it to that next level of optimal health, I start off strong, but can tend to get overwhelmed by my goals. Does that ever happen to you? 

James: It definitely does, and that's part of the reason why I had such a long to-do list over the winter recess. 

 Wendy: I'm glad to know it's not just me. I feel like there's a difference between making resolutions, which in my personal experience are too lofty and don't stick, and forming habits. In the past, I've come up with overly ambitious goals that basically set me up for failure, because I'm often not realistic about the time it takes, or sometimes I start off really strong and I lose my motivation. 

James: I totally agree. It can be really difficult to get started and to stay motivated. But I don't think we're alone because there are lots of books out there that focus on topics like motivation and habits.

Wendy: A lot, James. It's hard to know where to start. 

James: There are a lot. And today, we're focusing on two just such books, Tiny Habits by BJ Fogg and Atomic Habits by James Clear. Each of them offers some helpful insights about habit formation. 

Wendy: They do. And while we can't do a truly deep dive in our limited amount of time, we do want to share several key ideas from each book, and how you might apply them to being cybersafe. And let's be honest, your personal life too. 

 James: All right, Wendy. Let's jump into our first book, Atomic Habits. Sort of like the principle behind our saying within the cybersecurity awareness program, your small steps protect Yale's big mission. Atomic habits are small habits that can potentially compound into big results. The book discusses a lot of interesting thoughts, including how our habits are tied to our identity. But today, I want to focus on the four fundamental building blocks, or what James Clear calls laws of building habits that stick. And those four laws are to make it obvious, make it attractive, make it easy and make it satisfying. 

 Wendy: Oh. You had me, James, at make it easy. Yes, I want to create habits that are easy and also ones that I want to do. So, yes, please. 

James: So, let's start with make it obvious. It's all about tying our habits to cues. James Clear refers to implementation intentions, which are where we define our intention, such as when X happens, I will do Y. Make it obvious also touches on the idea of how we can optimize our environment with positive cues. Wendy, consider how a simple poster calling out the common social engineering tactics we discuss in our fudge model could provide a visual cue that reinforces the habit of considering them when we engage with communications. Could you see how something so simple might lead to internalization and ultimately to changing our habits? 

 Wendy: Absolutely, James. A visual cue can be a powerful reminder. And the truth is, because we're all so busy, we often must remind people about cybersafe behaviors many times. That visual cue in your workspace, whether it's a cube at the office or it's a home office, that can support habit formation in my opinion.

 James: Absolutely. So, next, we have make it attractive. Now, this gets interesting because it ties our habits to our physiology. In particular, Atomic Habits discusses how habit-forming behaviors generate spikes in dopamine levels, where dopamine is a type of neurotransmitter that affects motivation and pleasure among other things. 

 In the context of habits, Clear notes that when we predict an opportunity will be rewarding, we experience a dopamine spike. And an increase in dopamine translates into an increase in motivation. He goes on to talk about the idea of temptation bundling, where we link an action we want to do with an action we need to do. For instance, consider how much more likely we might be to timely apply system and software updates if we said, "While I'm waiting for an update to finish, I'll check social media on my mobile device." Maybe not the best example for work, but I think you can get the picture. 

Wendy: That is such an interesting concept. I haven't heard that before, temptation bundling. I could see that working in my personal life, to be honest, James. So, for example, when I'm waiting for water to boil for my tea, I could spend a few minutes working on the New York Times Spelling Bee, which I do every day and I'm totally addicted to. So, that could be like a little temptation for me. And thinking of it from our cybersecurity awareness perspective, while I'm waiting for my phone to update, I could take a peek at the daily email I receive about the latest cybersecurity threats out there in the world. 

James: Those are great examples. Now, make it easy is pretty much exactly what it sounds like. Clear breaks down the law of least effort, where people most often select the option that takes the least amount of work. I found this discussion on commitment devices or changes we make in the present that affect our future actions to be particularly interesting. The book calls out some one-time actions that can lead to good habits, one of them being to unsubscribe from emails to improve productivity. I think this also works in terms of cybersecurity. If we unsubscribe from unnecessary emails, there's fewer we have to go through and less chance of a fraudulent email being misidentified as legitimate. My thought process being, if I don't usually receive messages from this company organization, why am I getting it now? 

Wendy: Hmm, that makes sense to me, James. I think it helps the community when we ask them to be cybersafe, like reporting a suspicious email. And it's a simple task to complete. So, yes, the easy part. I like it like the easy button. 

James: Finally, we have make it satisfying. Clear suggests that the first three laws are really about an instance of performing a behavior or performing a behavior this time. While making it satisfying encourages us for next time or reinforces repeat behavior. A big part of this is incorporating some type of immediate reward. And the rewards don't have to be physical. Take the idea of a streak, for example. For participants in our cyber habit challenge, keeping up momentum and completing successive tasks, helps reinforce motivation because we want to keep that streak going. And this streak of success offers some level of personal satisfaction. 

Wendy: Perfect example. I am a streak person myself, and I get motivated by maintaining certain behaviors. James, I'll tell you a quick story. A few years back, I had a meditation streak that was going on for close to 365 days. Yes, I was very proud of that. And I was totally bummed when one day I completely forgot to do the meditation. So, just like that, my streak was over. So, I'm all in on this idea of making it satisfying as a motivator. 

James, I love what you just shared about James Clear's model around habit formation. And I now want to shift us a little bit and segue into talking about Tiny Habits, which actually came out a couple of years later. And interestingly, there are several common themes to both of the books. 

I love this book because I found it to be easy to read and the information was pretty easy to digest. One of the things I really liked were the examples that the author, BJ Fogg, shares about what habit change actually looks like and how it can be easier than we often expect. Just like with Atomic Habits, it's about making those small but doable changes and integrating new habits into existing routines. 

I want to pull out just a couple of themes that spoke to me. First, the author debunks the idea that we have to make big changes to see results. So often we have these big, lofty goals we talked about like losing 50 pounds. But that seems really big, and honestly hard to achieve. But what if we could break it down into something less daunting? So, that's that idea about those tiny changes. 

Second, BJ Fogg's work as a behavioral scientist is grounded in research from his lab at Stanford University. He's not only worked with thousands of people in his lab, but I like that he also draws insights from creating habits from his own experience. He did all this experimentation to figure out what works and what doesn't. And then he tested those theories in his research lab with his subjects. 

One particular thing that stands out for me is what he calls his behavior design model. And this is actually a universally studied and admired framework that comprises three different elements. And he says, they all need to happen at the same time in order for behavior change to happen and for those habits that are so hard to stick to actually do that we do them again and again. And James, you know, this is a model that cybersecurity awareness professionals like ourselves use to help encourage our communities to take cybersafe actions. So, let me take a moment and just break these down for us.

So, the first part of this model is motivation. So, we have to be motivated to want to be safe online. And I would say that certainly in our Yale community, I think that most people want to do that, they have the motivation. Second, we need to have the ability to do that. And an example could be, someone has the ability to sign up for our monthly awareness tip. And then there's a prompt. So, the prompt could be-- Of course, someone had the ability to sign up. Now they're prompted because they're getting that monthly tip that comes out the second Wednesday of the month. So, habits foremost easily, when someone is motivated to change their behavior, as we said, and can do so. The easier it is for them to do, just like in Atomic Habits, the greater the likelihood that it will work. And that prompt, as we talked about, is often that missing part that puts that whole model together. 

So, James, that example I talked about with the monthly tip, does that seem like a pretty good representation of how we could apply this to the Yale community and cybersecurity awareness in general? 

James: Absolutely. And hopefully, folks will actually use that example and sign up for our monthly tip. But what I really like is this idea of using behavioral science to build cybersafe habits. We often discuss how cybercriminals use the science behind behavior for social engineering. And using behavioral science to form safe habits seems like a perfect way to counteract that. 

Wendy: I think it really is. I'm looking forward to how we can experiment with this model as we go through 2024 at Yale thinking about motivation, ability and prompt. I do want to take a moment just to share a personal example, because I want you all to hear how we could apply this in our personal lives too. I will tell you that I am not a great water drinker. I try to drink like 64 ounces of water a day, and I know that it helps me increase my focus. Plus, in the winter, my skin is really dry and I don't want that. So, I have motivation to drink more water. I certainly have the ability because James, I can go over to the faucet and fill up my water bottle. The problem for me is that when I get super busy, when we have all these meetings, I forget to drink, especially on busy days. 

Enter the prompt, that third piece that sometimes is missing. One of my good friends sent me this really cool water bottle that I've never seen before. And on this plastic bottle, BPA-free, of course, are all these different times. So, it holds 32 ounces, and it shows you basically how much water you should drink at each hour interval. So, instead of trying to drink all this water at once, if you are using that as a prompt, you can pace yourself. And what I found is that it has made it so much easier for me to actually drink enough water in a day, and that has already made a difference. So, I have the motivation, I have the ability, and now I have this really handy prompt that's bringing it full circle. So, I totally am applying BJ Fogg's model to my own life. 

James, do you have an example of when all three elements of this model came together for you for a habit on a consistent basis? 

James: I think I do. So, I've actually been preparing for a really intensive certification exam, but I sometimes find it hard to avoid getting sidetracked and just procrastinating. But I'm definitely motivated to pass this exam. And an ability I have is to add a regularly scheduled calendar reminder, and that reminder becomes my prompt to get down to business. 

Wendy: Oh, I love that. That's a good one. I'm just going to say I'm feeling really confident that you're going to pass the test. So, [giggles] I can't wait to hear the results and how it goes. I do want to say one final thing about habits that I loved in the book and that was BJ Fogg's emphasis on anchoring new habits to existing ones. 

So, instead of saying, "I'm going to do all these pushups each day at some random time," why not tie it to another habit? And he shares an example of how he would brush his teeth, that's a habit that you do all the time. You don't even think about, it's just something you do. And then afterward, he would immediately do several pushups. And he realized that when he tied it together, he was more likely to do that. So, that one anchoring habit can support us in establishing a new one. So, I thought that was very insightful. Usually, I brush my teeth and then I immediately go fill up my water bottle. So, while I'm waiting for the water, can I do my own set of pushups like on the wall? I don't know, it's a work in progress, James. But I'm going to see what I can do to try to experiment with this concept of anchoring. 

I think James, this was a great conversation. I'd love for it to even be longer because both books were like 300 pages. So, there's so much we didn't even touch on and talk about. This is like the abridged version, but I hope it gives everyone listening just a little sense for how we can build better habits in really small ways in both our personal lives and also when it comes to being cybersafe. Now, let's hear more about our Buzzword of the Day, ransomware. 

James: Here's the buzz on the cyber threat known as ransomware. At a high level, ransomware is a type of malicious software used to deny access to files or even entire computer systems. This malicious software often finds its way onto our devices by means of phishing attacks, malicious links, attachments, and websites or through vulnerabilities in systems and software that haven't been updated. Once the ransomware is active, systems or data become encrypted, which prevents access without using a key. Cybercriminals then demand a ransom with promises of providing this key to unlock our systems and regain our access. Also common in these attacks are threats of exploiting or leaking our data. However, it's important to note, paying the ransom is not a guarantee. Victims may never receive the key to decrypt the infected systems, or the key may not actually work. 

We should also consider that after paying such a ransom, our devices will still be infected, we may be more likely to be targeted again, and the ransom will most likely be used to fund future criminal activity. So, what should we do if we become a victim of ransomware? If a ransomware attack occurs on a device containing Yale data, contact Yale's information security office right away. For personal devices, consider reporting the crime to your local federal law enforcement field office and filing a complaint with the FBI's Internet crime complaint center. 

But what can we do to prevent becoming a victim of ransomware? Here's a few best practices to minimize our risk. Create backups of data and systems. This is a key step for recovery. These backups should be stored on a device that doesn't remain connected to our primary device, the Internet or our home networks. Keep systems and software up to date. This ensures critical security vulnerabilities are resolved and don't become backdoors for cybercriminals to gain access to our systems. Click with caution and learn to spot suspicious emails in social engineering. Remember that cybercriminals often try to create a sense of urgency or play on our emotions as psychological tactics of manipulation. And don't forget to keep listening to the Bee Cyber Fit podcast, where we simplify cybersecurity and help you to be aware, to be prepared and to be cyber fit. 

 Wendy: James, this has been an action-packed episode full of all kinds of good information. And you know, it would not be the Bee Cyber Fit podcast, if we didn't give our amazing audience some calls to action. So, we have three for you for this episode. Our first call to action. If you are part of the Yale community, we invite you to participate in our 21-day cyber habit challenge that starts on February 1st. This is a chance to practice a daily task related to cybersecurity to build your cyber awareness and know-how. And even if you're listening a little later in the month, it's not too late to join. And you know what else? We invite our Yale community to weigh in on our annual cybersecurity awareness survey. We want you to tell us about all things cybersecurity at Yale, what's working, what do you want to know more about, and what can we do better? Please let us know. The link is in the show notes.

And finally, if you're ready for a little fun, regardless of whether you're in our Yale community or outside of there, we have a very cool trivia quiz that's open to anybody. Our self-paced cybersecurity awareness trivia game is a great way to test your knowledge and compete against others for a chance to win some cool swag. Well, at least if you're a Yale, you can win some really cool swag. For more details on all these calls to action, please check out the show notes. 

James: Wendy, we really do have some exciting things planned, and I hope this chat encourages our listeners' motivation in building better habits and boosting their cybersecurity. 

But that's all we have for today. So, until next time, I'm here with Wendy Battles. And I'm James Tucciarone. We'd like to thank everyone who helps make this podcast possible, and we'd also like to thank Yale University, where this podcast is produced and recorded. 

 Wendy: Thank you all so much for listening. We truly appreciate it. And remember, it only takes simple steps to be cyber fit. 

[Transcript provided by SpeechDocs Podcast Transcription]