Unconventional Security Awareness Advice



Evangelists-Javvad Malik

October is Cybersecurity Awareness Month, and you are undoubtedly being bombarded with some fantastic advice on how to stay cyber safe.

All the advice means well, but simply put, it all becomes a bit same-y after a while. Hover over links, verify who sent you the email, don’t send $2k worth of gift cards to a recently departed relative you didn’t know existed. 

While all of this and more is good advice, I’m a firm believer in teaching principles as opposed to lists of things to do and to not do. These are the principles I believe can help anyone become more security savvy, and perhaps a more successful individual overall. 

Be Unpredictable

How many times have you watched a movie or played a video game where you have to sneak past a security patrol, and managed it without breaking a sweat because the guards' movements are completely predictable?

Criminals need their targets to be predictable. Knowing how the victim will respond gives criminals the upper hand. 

Imagine an army moving in a predictable manner. The opposing troops would know exactly where the enemy will be, and at what time. Giving them enough time to prepare a trap, have a cup of tea, win the battle, and be home in time to tuck the kids into bed. 

The best way is to be completely random. Reply to emails at odd hours. Sometimes answer your phone within 3 rings, and other times just let it go to voicemail to make a point. 

I’m not suggesting you be unhinged; there’s a fine line between being unpredictable and unhinged. I’m not exactly sure where that line lies. But it’s there somewhere. Personally, I’d rather err on the side of unhinged than become a victim of a cyber criminal.

Be Rude

One of the biggest traits criminals seek to leverage is our natural tendency to be polite and helpful. 

If we see someone struggling to open the door because they are holding several cups of coffee, we will hold the door for them. If someone looks like they belong in the office, we will leave them be, even if they aren’t wearing a badge.

It’s because of this that we hear of incidents where criminals dress up like an employee, walk into a store, smile at everyone, pick up the cash register and walk out without one eyebrow being raised.

The best defense in these situations is to just be rude. I’m not saying you go out of the way to yell at people or use it as an opportunity to tackle your boss to the ground only to say that at a distance their pass looked fake.

But if someone walks up to the door with two coffee cups, just shrug and say you need to see ID before you can let them in. Who cares if they get annoyed? If someone looks out of place in the office, just ask if they’re lost.

When the CEO emails you at leaving time saying that they need you to urgently send 25k worth of gift cards to secure a deal, just reply with the meme of Dr Evil saying, “How about no.” Report it to security, smile and walk home knowing you are nobody’s PA. Even if you are the CEO’s PA, because you have boundaries.

Design Your Secure World

One reason we all fall into insecure habits is because security is often seen as a hurdle. As humans, we tend to be lazy and if we see something that even remotely resembles a hurdle, we wave our white flag quicker than the French army.

Whenever I want to go for a run in the morning, I find it easier if I lay out my running kit at night before I go to bed. That way when I wake up, I have fewer things to think about and can simply put on my gear and go for a run.

Similarly, think about what stops you or your colleagues from practicing good security, and design your world around it. You’ll be surprised as to how far a little bit of peer pressure will take you. 

If everyone starts locking their machine when walking away from it, all of a sudden, the new person will also start doing it - regardless of whether they fully understand why. After a while, that becomes part of your company culture. 

Become an Informant

The word snitch has bad connotations. If someone is referred to as a snitch, you immediately think less of them and mutter, “snitches get stitches”. But say that you’re an informant, and people will sympathize with you. After all, you’re probably putting yourself in harm’s way to ensure a criminal kingpin is locked away. 

Thankfully the corporate world isn’t quite as dramatic and if you have a cybersecurity team, then absolutely report everything suspicious to them (or the appropriate team).

If you receive a strange email, forward it to them. An unexpected SMS, pass that on to them. Found a USB on your desk, give it to security. They are the ones whose job it is to determine if something is truly bad or not. You probably have better things to do than to try and forensically examine a USB drive to see if it has malware or if your laptop is sending a beacon out to North Korea every 5 minutes. 

What’s the worst that can happen? The security team will simply return your email or USB or whatever it is and say it wasn’t malicious, but will thank you for your continued vigilance… and who doesn’t like to be thanked? 

In Summary

The four things you need to think about to become more secure and allow you to become the best version of yourself are to become unpredictable, be rude, design your world to enable security, and become a snitch. 

Stay up to date on the rest of this evangelist series to help keep you and your users safe during Cybersecurity Awareness Month and beyond!

