There are some people in this world that I trust, and then there are all the others. For instance, I trust our neighbours with a key to our house so they can come in and water the plants while we’re away, and of course we do the same for them. We’ve known them a long time and they’re the same kind of people as us. More specifically, since we wouldn’t ransack their house, or carelessly leave their door open, we can trust that they would take just the same care with our house.
There are very few people I would trust to do this. Everyone else, by definition, I mistrust. But I don’t mistrust them because I have specific reason to believe that they would harm me, I just mistrust as a general principle: don’t trust anyone with your front door key unless you are very certain of their benevolence and trustworthiness.
Which brings us to cyber security. You don’t let in strangers to your house without a darn good reason, and in the same way you don’t give strangers access to your computer without a darn good reason.
A large proportion of cyber-attacks begin with e-mail containing an attachment or a live link. Opening an e-mail attachment or clicking on a link can have the same effect as letting a stranger into your house. How is it that some people will blindly open an attachment from someone they don’t know, even though they would never dream of giving their front door key to a complete stranger?
I think one of the reasons that IT has problems with security at the retail level is that we approach it from an unnecessarily technical perspective. We tell users all about Trojans and phishing, but what they actually hear is something about contraceptives and a word that sounds rather like urinating. No wonder they get confused. We need to put things in language they can understand.
So how about telling them “Every time you click on a link that you aren’t absolutely sure about, or download an attachment your aren’t absolutely sure about, it’s rather like giving your front door key to a stranger. You may be OK – but do you really want to chance it?”