How developing mental immunity can help you make better cybersecurity decisions

Image: Andriy Onufriyenko / Getty Images

"In pursuit of knowledge, something new is learned. In pursuit of wisdom, something old is unlearned." — Med Jones

As to why Jones' quote is important, many programs designed to help those plying the internet stay safe—either for work or for personal reasons—are failing because their overarching methodology does not include the ability to unlearn. Andy Norman, a philosophy professor at Carnegie Mellon University, in his book "Mental Immunity," offers an interesting new way to look at how to make better choices—something all of us can use. Norman goes on to say that immunity to bad ideas depends on far more than the skills used in critical thinking.

SEE: Identity theft protection policy (TechRepublic Premium)

Mental immune systems 

What is interesting is how Norman suggests that we can have a mental immune system as well as a physical immune system. He points out that young children would be wide-open to mental infections (bad ideas) that adults would brush off without any effort.

Next, Norman offers a 12-step program designed to enhance mental-immune health. If taken seriously, these steps will help our decision-making process when it comes to our online identities—both personal and work. As the steps are considered, view them in the context of how following them would help improve one's cybersecurity stance.

1. Explore unknown notions, but also handle them with care. For example, treat email links as what they are: active agents. "More generally, don't let the trendy concept of informational content fool you: information is rarely passive, obedient and well behaved; often, it takes on a life of its own," mentions Norman. "Information is profoundly unruly."
2. Remember that our minds are not passive knowledge receptacles. "Treat your mind like a bucket full of precious stones and it will become little more than a repository for random, overconfident opinions," suggests Norman. "Instead, treat it as a searchlight and use it to cast light into darkness."
3. We may be entitled to our opinions, but, more often than not, they affect others, so believe responsibly. If one feels it's okay to click an active link in an email, is that a good conviction based on a reliable method of knowing? "Suppose someone else applied the same method to arrive at a conclusion you deplore; would you be okay with that?" asks Norman. "If not, rethink.
4. Distinguishing between good and bad faith is vital. Norman suggests deciding whether having faith is worthy or not depends on more than upstream evidence. Downstream consequences matter as well. "To get there, reason and resolute hopefulness must lead," writes Norman. "Belief must follow."
5. It's good to learn new things, but is as important, if not more so, to let go of information that is suspect or untrue. A link may be okay in one email, but not the next. "Notice an inconsistency in your beliefs?" asks Norman. "Take time to address it."
6. New information is like a puzzle piece. It is important to understand where it fits and how it associates with other pieces. Norman offers the following hints: examine your convictions and bounce them off others; when your opinions don't add up, have the courage to admit it; try out new and interesting configurations; find the truth in dissenting voices. "Deep learning isn't just additive: it's clarifying, constructive, and coherence=enhancing," suggests Norman.
7. Don't use "Who's to say?" to cut short unsettling inquiries. This step is a difficult one. Responsibility is best shared. "It's not okay to keep kicking the hard questions down the road," asserts Norman. "There are more responsible ways of thinking about everything, and we all need to seize opportunities to refine our understanding."
8. Value judgments can be objective—even necessary. It can be as simple as whether sending personal information via an email is worth the risk. Norman adds, "The notion that we cannot develop a responsible shared understanding of what's good and right is mistaken."
9. Be flexible by treating challenges to beliefs as opportunities rather than threats. "Challenges in no way diminish your worth," advises Norman. "So don't get defensive; instead, think of the challenge as being a learning opportunity."
10. Belonging to a community with an inquiring mindset rather than one holding to a rigid belief system is immensely important. A group that embraces flexibility will improve cybersecurity overall, as cybercrime methodology does not stand still.
11. Do not hold to a belief solely because a good reason was given. Norman explains, "A healthy mind is always open to the possibility that a new question or countervailing reason will upset the balance."
12. Although unproven, ideas that have survived scrutiny should not be underestimated. They are better than the alternative. But, as mentioned in Step 11, be ready to reexamine and discard if new information appears.

Final thought

Med Jones and Andy Norman may not know much about cybersecurity, but they understand the wisdom in making good decisions and allowing others to change our minds. Norman concludes with, "We merit the courage of our convictions only when we have the courage to part with them."

Also see

• Why employees need counterespionage training (TechRepublic) 
  
• AI: Now is the time for us to get it right (TechRepublic) 
  
• How to become a cybersecurity pro: A cheat sheet (TechRepublic)
• Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
• Shadow IT policy (TechRepublic Premium)
• Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
• Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)