author photo
By Devon Warren-Kachelein
Thu | Oct 14, 2021 | 8:35 AM PDT

Next time you are checking your email, try frowning.

Try it right now: Frown at your screen and notice how it makes your body feel. Are you observing more feelings of mistrust and caution? Now, try smiling at your screen. Does it make a difference between your brain's response? Chances are it does.

According to George Finney, it could be the difference between getting hacked through a phishing link or not. 

Finney—CISO at Southern Methodist University, SecureWorld Advisory Council member, and keynote speaker at this year's Texas virtual conference—developed a technique to help end-users discern between safe emails and phishing messages.

A new strategy for phishing email detection  

This technique, dubbed the "Slow Down and Frown" method, is already showing successful results from studies.

In a post on LinkedIn, Finney shared about a student completing her dissertation on his theory. Her results from testing more than 400 users showed that frowning increased the odds for weeding out phishing emails. There was at least a 63% improvement in the ability to detect a malicious email. 

Science behind Finney's Slow Down and Frown technique is that by frowning, users can tap into their natural skepticism, making them likely to lessen their click factor. 

"I've actually shown, at least for my user population, frowning for 30 seconds while checking your email actually reduces the likelihood that an individual will click, and they report on those phishing messages.... Just like smiling releases endorphins in the brain that tricks you into being happy, frowning taps into those [areas] that actually increases your own skepticism," says Finney. 

Of course, Finney does not recommend constant frowning throughout the day or when you're responding to a message, but this is just one of the helpful tips he has created to add another layer of defense when guarding against phishing attacks. 

Labeled one of the presentations this year with "the most feels," this unique tip is one of the useful kernels of advice Finney offered at the Texas 2021 conference. His new book, "Well Aware," is the embodiment of the security motto that it is more about the journey than the destination. 

Discover your cybersecurity strengths with 'Well Aware' book

Not only a knowledgeable expert in cybersecurity, Finney has now authored four books. The latest installment, "Well Aware," delves into the psychology behind what he calls internal and external habits in cybersecurity. These nine habits—literacy, skepticism, vigilance, secrecy, culture, diligence, community, mirroring, and deception—are the skills Finney argues need to be mastered in cybersecurity. 

"I think that [understanding your strengths in cybersecurity] has the added benefit of helping people identify with security, right? Security can be very scary and intimidating. I think by giving everyone a role to play, an identity, we can help jumpstart the process of building those cybersecurity habits that much faster."

Sharing information, in many cases, is how the information security world improves. In a fast-paced industry where there is always something new to learn, Finney wrote this book to share inspiring stories. 

"I think it takes all of us sharing our stories to get better, and that's actually why I wrote the book. Really, I want to have the chance to tell the stories of successful leaders out there in the community. Folks like the CEO of the Girl Scouts who created the Cybersecurity Merit Badge Program, and we talked about how she did. We talk about how John Kindervag created the concept of Zero Trust and what the influences were behind that."

Cybersecurity has many branches and divisions, and each person will have different strengths. You may be thinking about some of the people you have worked with and how they fit into their particular department. Finney argues the differences can make for a winning cybersecurity team. 

"That's the unique value that you bring to the organization, and then that's how you can help the best in whatever role you're playing."

He says we may gravitate towards our own types, but cybersecurity is built around different traits. Every piece of the puzzle is important. 

"I found, personally, that folks who are my exact same type, we get along really well. When I'm really hitting it off with someone, I think 'oh, you're this personality type,' and sure enough, that's the case. But in security, it takes a lot of different personalities to make an organization secure. We have to have multiple perspectives to eliminate our blind spots. Building a team around supporting lots of different habits helps us be more and more secure."

What is your cybersecurity personality? 

Finney developed a personality assessment, like Myers-Briggs and other introspective inventories for self-growth, this time with a cybersecurity-leaning focus.

At the end of the day, it takes all kinds of people to run an organization. The takeaway from Finney's presentation is by starting with a reflective analysis of your own skills internally, you can then address the outside factors of  building a cybersecurity culture and community.

What type of personality are you when it comes to cybersecurity? Take the  Cyber-Personality Assessment on George Finney's website,  WellAwareSecurity.com.

If you missed his presentation at SecureWorld, you can watch it here on-demand.

[RESOURCE] Are you looking for more valuable information to take back to your organization? SecureWorld is currently in conference season, and the next installment will be SecureWorld Rockies virtual conference on November 17, 2021.

Comments