One of my more popular recent posts was on “The 4 Thoughts of Highly Secure Users”, in which I discuss four aspects of a typical user who has the right mindset in terms of cybersecurity and infosec. Guess what? It’s time for round two. Prepare yourselves for four more thoughts of users who are ready to face the ugly cybersecurity threats of our day and age:
1. “You sound weird.”
“Salutations sir or ma’am, I am from microsoft help deske. Kindly do the needful and send me your password or Windows will be shut down without delay! There is a virus and barnacle! Happy Pie.”
Everyone has received spam like this at some point. You don’t have to be Noam Chomsky to see that the above is too much of a linguistic nightmare to be an official Microsoft communication (to say nothing of the blatant request for your password).
A secure user pays attention to grammar, spelling, and word choice when communicating with unfamiliar parties. If the person on the other end of the line sounds like they just ran their sentences through Google Translate’s most unforgiving interpreter, then it’s time to either ignore them or at least ask the IT team’s opinion on the matter.
2. “Why is my computer running so slow?”
This may seem like a bit of a truism – but you’d be shocked how often users are willing to sit on poor computer performance before ever asking questions about it. I once worked with a user who complained of poor computer performance which turned out to be due to an enormous amount of malware and adware on her machine, all of which had escaped detection. When I asked her how long this had been going on, her answer was: “A few months.” I almost fell off my own feet.
She should’ve called us the moment she first noticed a problem. That’s what IT support is for. Not just for the sake of her productivity, but for the sake of security – as we saw. That’s why IT problems should never just go unreported; you never know when one might be related to something more sinister.
3. “I need a hard-to-crack password.”
Ahhh, the fundamentals. Back to basics. Nothing fancy or complicated here: A secure user is one who understands just how vital their various passwords are to enterprise security and treats their complexity with the proper respect. Not sure what constitutes a proper password? I’ve written about it here: How to Practice Good Password Security.
Of course it’s tempting to use a simple password; quick to enter and easy to remember. But I’ve seen more than one ransomware outbreak traced back to the cracking of a ridiculously simple password somewhere along the line. A secure user is less concerned about the ease of entering their password and more concerned about costing the company thousands or even millions of dollars when their simple password is cracked by a patient brute-force hacker.
4. “What more can be done to protect me?”
Lazy IT boneheads across the planet recoil at the thought of a user who asks this question.
*Spits coffee* “What MORE?! Daggum, don’t I do enough already? Angry Birds isn’t going to play itself!”
IT professionals like myself and the readers of this website, meanwhile, are filled with giddy gleefulness. Perhaps TOO much gleefulness. “What more can be done? I’m glad you asked, Gladys. I’m glad you asked…”
I once advised a small business client to consider multi-factor authentication for one of their most sensitive enterprise web applications, but the owner wasn’t so hot on the idea. Seemed like too much of a workflow pain, in their opinion. Not long after, one of their VIP employees asked me the golden question: “This web software has multi-factor authentication available. Why aren’t we using it? This is a big security plus.” Bingo! I brought this question back to the owner, who acceded to employee concerns and gave the thumbs-up for implementation – which we did, and it worked marvelously with very little disruption. Had it not been for the proactive security mindset of the mentioned user, they might just be a cracked password away from disaster to this very day.
Adiós, until round three.