Want improved adoption of digital security practices? Tell a good story.
Anastasia Kolobrodova |
January 30, 2024
Source: Katy Levinson (CC BY 2.0)
Password breached! Email hacked! With many organizations mandating cybersecurity training, why do these incidents still happen? In part because our adversaries are getting more technologically adept. But also because even experienced educators need more tools to ensure their trainings have the intended effect: to convince journalists to change their patterns and behaviors.
At Freedom of the Press Foundation (FPF), we’re always exploring new ways to share digital security advice with journalists — and, more importantly, ways to make that guidance inspire action.
Threats to press freedom around the world are at an all-time high. Sign up to stay up to date and take action to protect journalists and whistleblowers everywhere.
Thanks for signing up for our newsletter. You are not yet subscribed! Please check your email for a message asking you to confirm your subscription.
Recently, we conducted some exploratory research on methods of communicating the value proposition of digital security to journalists. This blog post looks at our initial findings.
Twitter account @SwiftonSecurity created image macro memes, frequently involving Taylor Swift, that helped peak interest in digital security for non-traditional online audiences. This is one example, as archived by Know Your Meme https://knowyourmeme.com/photos/937387-infosec-taylor-swift
Think about the last time you were inspired to do something new. It could be anything, from going to a protest to taking a pottery class to experimenting with a new recipe in the kitchen. Why did you do it?
More likely than not, it wasn’t because of a webinar or a factsheet. Awareness that something exists usually doesn’t inspire action — but feelings, values, and stories do. There’s a reason why Christmas movies make us text our exes even if it’s a bad idea or why Instagram posts by a friend inspire us to donate to a charity when an article in the newspaper doesn’t. Values resonate and call us to action.
In FPF’s case, we care about what motivates journalists to change their security behaviors. Drawing from elements of a field called narrative change, which uses values-infused storytelling to advocate for sustainable shifts in behavior, we wanted to take a look at what values or stories could help these concepts to land.
Others in the field have done research on security mindsets (McGregor & Watkins, 2016; Henrichsen, 2020; Tsui & Lee, 2021) — looking at what elements have sparked a shift toward secure behaviors in journalists. Past research has shown that a desire for personal safety has been a motivating factor. It has also shown that some journalists started using secure tools to have the freedom to do their work in repressive environments.
Inspired by these findings, we’ve done some exploratory qualitative research to see how these values of “protection” and “freedom” resonated with journalists when infused into a short message about basic digital security practices. We received survey responses from 28 journalists (mostly operating in a Western context).
As an early exploration of these questions, our survey was not intended to be representative of all journalists — instead, it helped us to begin identifying meaningful differences in how reporters interpret and describe values-based framings of security. Respondents by and large told us that the “protection” message was the way to go — but also emphasized that they wanted that message to be bundled with source protection rather than just protection of themselves.
Looking closer at the responses, we also heard that respondents don’t want one-size-fits-all digital security messaging; they want it to be centered around their experiences working as journalists. Additionally, several survey participants conveyed that they see security as a burden or inconvenience, rather than something that is a crucial component of their jobs.
Freedom of the Press Foundation digital security training, December 2023
A lot of folks in the field are working on new ways to present digital security guidance, including how to make it fun and how to make it stick. Our exploratory research suggests that leading with values that resonate with journalists — and infusing those values into stories that center around their lived experience — can help these concepts land. Additionally, we see a need to shift the narrative to emphasize that digital security is not an optional add-on to journalism but rather a tool as integral as a notepad or Rolodex used to be.
Our digital security training team already tries to infuse fun and hands-on interactive work into our training sessions, and we’re looking forward to experimenting with even more new forms and formats in the upcoming year.
Are you interested in learning more details about this research? Do you want to collaborate on future research that looks into values-based storytelling as a way to motivate journalists to adopt digital security practices? Do you or your team need digital security training? Reach out to us at [email protected]!