I had the opportunity to explain security to my five-year-old niece, Sophia. If you haven’t had a chance, please read my first blog post on this subject, Cloud Access Security Broker (CASB) Model: A Simple Explanation for My 5 Year Old Niece. Today, I would like to talk about the challenges I had when I told Sophia about users, their passwords and educating users on how to protect their passwords.
“Dear Sophia, do you remember how your parents kept their keys for the car, the house and the boat on one keychain? Well, sometimes they forget the keys at the office or leave them on top of a table, and at that point, anyone can take those keys and gain access to your house, the car or the boat.
Do you also remember that sometimes the babysitter comes, and your parents give her a key to the house? The babysitter is yet another “user” just like your parents, that needs a key to the house. Also, the cleaning lady will need access to the house, so she is a user as well. There are many people that come into the house, the service people for the cable, the kitchen appliances and the pool.
Think about them as users that need access to the house, the car and the boat. What happens is that anybody with access to the keys will have access to the house, the car and the boat. So to protect the house, the car and the boat from strangers, we use keys. When we are working with computers, we also use a key in the form of a password. So, when we are accessing the computer, it will need a password.
Well, Sophia, let me tell you how you can educate your parents on how to protect your password as a user. Even with the best technology, computers are not 100% secure. Sadly, the weakest link in the security chain for computers is users themselves. Tell your parents to use strong passwords; users hear this constantly, but many still aren’t listening. Passwords should contain a mix of uppercase and lowercase letters as well as numbers or special symbols (like % or $). Passwords should never be something simple like the name of your son or your birthdate.
Tell your parents to avoid phishing scams: nobody should be asking them for their credentials, their username, password, social security number or other sensitive information in an e-mail. Also, never click on web links within unsolicited e-mail. Warn your parents to protect their desk as it may have memos or documents that contain sensitive or confidential information, or might have classified information displayed on the computer monitor. Moreover, tell your parents to always be aware of who is nearby, and to secure information assets by locking their PC before they leave their desk. Also, tell your parents not to open attachments, unless they are 100% sure of whom the e-mail came from and what the attachment contains.
Furthermore, let your parents know that they should keep the virus detection on, and not install unapproved software. Even if software is free, downloading software from the Internet is a primary source of viruses, spyware and Trojans, and even legitimate software may not be compatible with other software on their computer and could cause conflicts. Lastly, tell them to beware of instant messaging, as it can be a way to transfer viruses and other malware or initiate phishing attacks.
So, when in doubt, if you or your parents are suspicious of something or something just seems weird, contact the experts to help.”
Sophia looked at me and said, “Uncle, I will make sure my parents understand they need to protect their keys and their passwords so that no stranger can come into the house or the computer.”
I was relieved to hear she now knew about the number one issue that plagues modern technology: the users and how they manage the passwords to their resources.
Read more on how to manage your users and passwords with our white paper: Stop Password Sprawl with App Single Sign-On (SSO) via Active Directory.