The Ultimate Cyber Security Tip

It’s Cyber Security Awareness Month, and the security advice is flowing out from all corners of the web to advise your users on remaining secure. However, all this information can be overwhelming for some, so the question is, can advice be simplified into a few, or even one pearl of wisdom for your users? I think it can.

Check out this video explaining what I consider to be the ultimate cyber security awareness tip: 


It’s important to understand how most attacks are formulated and executed. When we look at social engineering attacks, they pull on emotions. When your users receive a phishing email, it’s never a polite, chilled out email that asks you to reply whenever you get a chance. No, it’s something designed to instill fear, convey a sense of urgency or maybe appeal to curiosity or greed. 

The old tailgating trick, where an intruder gets your users to hold the door open because they are carrying two cups of coffee, relies on appealing to the empathy we feel towards others. Ultimately, cybercriminals are relying on manipulating the inherent humanity within us. So, the answer is therefore simple. Show less empathy, care less about others, don’t make other people's issues your concern… in other words, just be rude. 

Now, I’m not talking about your users throwing their phone at a personal assistant because they bought them coffee with the wrong kind of milk in it. I mean following processes without letting emotions get in the way. So, let’s consider the following scenarios:

  1. You’re entering your workplace and a “colleague” is behind you. Let’s say it’s a pregnant woman holding two bags; she’s flustered and struggling to find her pass. The nice thing for us to do would be to hold the door open. I mean, what kind of monster wouldn’t hold the door open? 
  2. Someone senior in the company emails you frantically asking for help: they need you to authorise a payment to a new partner to close a deal worth millions. Of course, the nice thing is to be a team player and help them out. We’re all team players, after all. 
  3. You receive a serious call from IT saying that your computer has some issue that needs to be resolved immediately. They ask you to download software, or worse still, hand over your password. You wouldn’t want to be the cause of the whole network going down, would you?

I’m sure you see the problem in these somewhat simplified examples. If you and your users followed your instincts and were nice people, you would potentially fall victim to a social engineering attack. But on the other hand, if you went full grumpy-old-man rude, akin to Clint Eastwood, you’d be slamming doors in people’s faces, deleting important emails, or causing your organization's network to shut down.

So clearly, the answer lies somewhere between being sweet as apple pie and rude as Clint. 

[Image: rudeness vs security tip example]

This is what I like to call the “gangsta gran zone”. It’s like your gran, a sweet lady, full of love and empathy, but one who doesn’t suffer fools. 

So the advice is simple -- be as rude as you need to be. If we revisit our scenarios, and you reach the door with your colleague struggling to come in, stop and be supportive and kind, as if they are genuine. But don’t give them a free pass. Offer them a seat, a glass of water, carry their bags. Escort them to security, or wait for them to find their pass. There are many options you can explore without letting them enter, or leaving them to fend for themselves.

If it wasn’t already obvious, the examples listed are meant to be tongue in cheek, but it's important to remember that cybercriminals are not nice, and they will stop at nothing to get what they want. If your users ask you for something on the phone or over email, refer them to the policy. Follow correct procedure and safeguard your own actions and the organisation overall. It’s not that you want to be awkward, or deliberately rude, but you need to find that balance so it’s less likely that someone will be able to take advantage of your kindness and willingness to help. Stay gangsta, gran!
