Storytelling is one of the most ancient and effective forms of human teaching. Just like prehistoric tales warned of the perils lurking in the wild, modern narratives can teach people about the perils lurking in cyberspace. We recently sat down with cybersecurity storytelling experts Wendy Goucher and Joe Pettit to explore how narrative can boost online safety. Here’s what they had to say.
Cybersecurity Storytelling is Good for Children…
Wendy is the author of a series of cyber safety books for children, “The Adventures of Nettie and Webby,” available on Amazon, inspired by the morality stories penned by the Brothers Grimm and Hans Christian Anderson.
In the series, Nettie is plunged “quite literally into Cyberland” and embarks on an Alice in Wonderland-style adventure, encountering various situations and challenges – including, for example, cautionary tales about staying away from certain areas – which serve as analogies for online safety lessons.
“The idea is that, on the face of it, these stories aren’t about computers and the internet, but underneath, they kind of are. I also try to include wider lessons about how people should behave, especially when it comes to respecting those around them. I think that’s an important part of online safety,” she said.
For Wendy, the most crucial lesson in the Nettie series is teaching children to share their online experiences with parents or other trusted adults. At the end of the story, Nettie sits with her grandma and grandad, who stress that if she has seen something she shouldn’t, she won’t get in trouble, but she needs to tell them. In many ways, then, these stories aren’t just for children; they’re for parents, too.
And Parents…
Joe believes that the lessons in Wendy’s books are as important for parents as they are for children. He says that too many parents punish children for doing something wrong online, so the child stops telling them what they have seen, which can make the issue far, far worse.
“The lesson I try to teach my children is that I will be upset if they don’t tell me about something they have seen online, not if they don’t. I want them to know that if they have a problem, we can fix it, but that can’t happen if they don’t tell me about it. I think these books help teach parents that this is the right way to go about teaching children online safety,” he said.
Giving children the opportunity to teach their parents about cybersecurity is also a big part of Wendy’s approach to storytelling. She says that children, especially when they get to school age, “want to know more than their parents; they love being the one that’s saying, ‘you shouldn’t be doing that,’ and that’s how they learn.” Because of this, using stories to teach children about cybersecurity is mutually beneficial.
And Older People…
However, Wendy hasn’t just written cybersecurity stories for children; she’s written them for older people, too. A recent study by the University of Florida has shown that older age is a major risk factor in falling for deceptive emails – Wendy recognizes this fact and is trying to equip older people with the tools needed to protect themselves.
“I’ve heard stories about older people falling for scams and not even telling their families because they were so ashamed. With these books, I’m able to tell people that this kind of thing is actually really common, that older people aren’t powerless, that they can do something about it,” she said.
Wendy’s short eBooks, which are also available on Amazon, use storytelling and recurring characters to teach cybersecurity concepts in an engaging way. She describes them as “like Midsomer Murders, just no one dies.” The stories revolve around a vicar who guides the older adult characters to learn about cybersecurity concepts and find the answers themselves rather than being told the solutions directly.
“I’ve made these stories available on Amazon because not everyone has access to local bookstores. Also, Kindle is good for older people because it lets them choose the font size. That said, if you can support a local bookstore, please do because there are too few of those,” she said.
And Even Cybersecurity Professionals
Finally, Joe and Wendy get onto the topic of cybersecurity professionals and how they can become complacent. Joe says that “some security people might think they know everything, but the reality is that they don’t, no one does.”
Wendy echoes this sentiment, saying that, in her work as a cybersecurity consultant, she’s worked in acclaimed cybersecurity organizations where she was told that “every week someone fell for a phishing scam.”
The pair are keen to express that it’s normal for security professionals to make mistakes, and it’s important for them not to be too hard on themselves. “I think it’s almost harder for us,” Wendy says, “because when we do fall for a scam, we think, ‘this is my job, how did I let this happen?’ But we shouldn’t think like that, because it can happen to anybody. It can even make us better professionals when we get it wrong.”
The key takeaways here are that cybersecurity is everyone’s problem, everyone can make mistakes, and storytelling is one of the best ways to communicate online safety to people, whatever their background might be. If we want to improve cybersecurity awareness, we need to be reading, writing, and retelling stories.
Wendy Goucher is a Cyber Security Consultant at Arcanum, BSC Chartered Fellow, Chartered professional in Risk and Assurance by the UK Cyber Security Council, and Author of cyber security books for children and older people.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.