People who've received a little data security training will often overestimate how much they really know. In behavioral psychology, this is called 'the Dunning-Kruger effect'.
In this short video, Lisa Forte, Partner at Red Goat Cyber Security LLP, explains how this effect influences employees’ behavior to increase the risk of insider data breaches.
Transcript:
The Dunning-Kruger effect is a psychological phenomenon that states that people with a high level of knowledge will underestimate what they know and people with a low level of knowledge will dangerously overestimate how much they know.
The Dunning-Kruger effect impacts insider data breaches because users will typically do a few modules of online training and they'll think they know a lot more about security than they actually do. So what this means is that they think the dangers of cutting corners when it comes to, say, encrypting an email, they fully understand. But the trouble is they have dangerously overestimated how much they know about security and encryption, and as a result mistakes get made and breaches happen.
There are two ways that you can reduce the impact of the Dunning-Kruger effect. The first is to continually train your staff, so you're always building on that knowledge and awareness. The second way is to implement tools and technologies that will take the decision out of users' hands as much as possible so that your users can't take risks.