All services

Theory Behind SAFE

“You steer behavior through learning, motivation and facilitation”

Combination of expertise

For more effective protection against human error, Secura combined the expertise of security specialists with the expertise of psychologists (the science of behavior). Psychology teaches us important lessons about behavioral change, on which the SAFE program is based.

No ‘one size fits all’

As we do not believe in 'one size fits all' solutions, we do not currently know which intervention will be used to achieve the goals for your specific focus groups. The most important thing is that the intervention is aimed at removing the barrier to the desired behavior. SAFE has a toolkit of a carefully selected collection of different interventions. These interventions vary according to their topic (e.g., following strong passwords or classification rules), with regard to influencing strategy (e.g., increasing motivating, educating or encouraging), and with regard to resources (e.g., demos, attention grabbers such as posters or video material, or ambassadorship).

The importance of continuous attention

Information security for and by employees is not a one-off project. For most employees, it is not their most important task, so that attention can diminish. Therefore, continuous attention for the subject is a must. This should be in a way that stimulates and keeps people on their toes, because it should not be boring.

Behavior is the result of the following factors:

Ability

Ability refers to what a person knows and understands about security and about the risks. In current approaches such as e-learnings, drafting new rules and classroom trainings, most of the focus is on knowledge.

Motivation

Is someone willing to perform the behavior? Motivation is the result of various personal factors such as experience (has someone tried it before and how did it go?), attitudes (is someone prepared to do some extra effort in return for more safety), perception, norms and values.

Opportunity

Are people enabled to display the desired behavior? Opportunity is determined by organizational factors. Context and culture are most important here. The culture of an organization has a major impact on behavior.

To change behavior you will have to address each of these three factors

SAFE focuses on repeated attention for all three of these factors and thus goes beyond traditional awareness programs that stop at sending knowledge.

In addition, SAFE focuses on carefully identifying the barriers to the desired behavior: why are employees not doing what we would like them to do? Only when it is clear what holds people back from certain behavior, the right steps can be undertaken to remove this barrier. Sometimes this turns out to be a gap in knowledge, but often it is, for example, a matter of lack of motivation, bad experiences or an organizational culture that does not support the goals.

SAFE is based on 5 best practices:

People are not the weakest link, if you....

1. Focus on safe behavior as end goal

2. Combine cybersecurity and psychology

3. Focus on all factors of behavior

4. Measure what your employees need for safe behavior

5. Match the specific needs of your employees by tailored interventions

SAFE in Practice

Contact us

Interested in our SAFE program? Contact us by phone or email and we will get back to you within 48 hours.

Contact Floris

Floris Duvekot Manager Behavior Market Group safe@secura.com +31 88 888 3100

Fact sheets

SAFE - Reduce the Human Risk in Cybersecurity (ENG)

Increase cyber resilience amongst your employees by changing behavior.

Download fact sheet

Raising Your Cyber Resilience

Contact us for a free advice.

+31 (0) 88 888 31 00 Monday – Friday 9:00-17:00 CET info@secura.com

Call me back Contact us

Newsletter

Partners of Secura

Cybersecurity is more than technology alone. Secura collaborates with partners in compliance and risk management, integrated application security, privacy, IT- and internet law and certification.