There’s nothing like a global cyber attack to make you rethink your approach to online security. Appropriately named WannaCry, the attack crippled hundreds of thousands of computers by exploiting a Windows vulnerability—one Microsoft had patched two months ago.
Unfortunately, many companies and individuals either failed to update their systems or were running old, unprotected versions of the software. Those of us who select “remind me tomorrow” option when prompted to install an update should heed this warning.
By this point, most of us recognize our online security is vulnerable and that, in order to protect ourselves, we need to be vigilant about updating our software, changing our passwords, encrypting our data, and turning on two-factor authentication. And yet, when faced with a security update or upgrade, we put it off until tomorrow. Which doesn’t sound so bad—except when one day is followed by another 365-plus of them.
It’s a classic case of procrastination, says Timothy Pychyl, a psychology professor at Carelton University. While an organization might have financial and operational reasons for dragging its feet on installing an update, on an individual level, the decision is usually motivated by emotion.
What’s really happening when you click “Remind Me Tomorrow.”
Pychl doesn’t mince words. If you understand that updating your software is important, and you can spare the few minutes it takes to complete the process, by not acting, “you’re behaving like a child,” he says.
Procrastination, on everything from deadlines to diets, is what happens when we allow our feelings of aversion for an activity keep us from doing it. “It’s the inner six-year-old going, ‘I don’t want to,’ or ‘I don’t feel like it,’” says Pychyl.
As a species, we’re innately talented at reverse-engineering justifications to rationalize these emotions. In this way, the minor inconvenience of updating a password can be pushed aside with a hollow excuse, such as ‘I just don’t have the mental energy today.’
What’s more, “it’s human nature to make rational decisions over irrational periods of time,” says Pychyl. Because postponing a password update by one day doesn’t expose us to a much higher degree risk, it’s easy to push off. When we repeat this same option for days on end, of course, the equation changes. But crucially, the way we evaluate the decision doesn’t change–and so we often continue to stall for months on end.
What you can do about it.
Start by acknowledging that procrastination is pretty primal. If the thought of turning on two-factor authentication makes you simultaneously frustrated and bored, by all means, acknowledge these basic emotions. But instead of complicating them by adding layers of manufactured rationalizations, “bite the bullet and do it anyway,” says Pychyl. “You aren’t going to feel like it tomorrow, either.”
It’s also helpful to recognize that you can be organized and prompt in most areas of life, and a chronic procrastinator when it comes to online security. Avoidance is situational, and “for many of us, computers are completely magical and mysterious,” he says. While we “know” we need to update our software and change our passwords, we often don’t know it in the same way we understand that blowing deadlines will hurt our careers, or developing a McFlurry habit will add to our waistlines.
Pychyl isn’t convinced this latest global malware attac k will motivate many people to change their online security habits. “We tend to think that bad stuff happens to other people—other countries have wars, other people get sick,” he says. “We’re not good at seeing the potential of harm coming our way.”
Bottom line, then? When it comes to developing better online security practices, “don’t give into your feelings,” and act now.