I hope those of you who celebrated Thanksgiving had a great one! I spent a very nice day with my family at my brother’s house. After getting back home we decided to watch some Christmas movies, so we spent the evening watching one of my very favorites, “A Christmas Story” and then “Home Alone.”
In case you’re not familiar with it, in “Home Alone,” a couple of crooks stake out homes to burglarize in an affluent Chicago neighborhood. Just before Christmas one of the crooks dresses in a police uniform and goes from house to house to give each resident a “safety” talk and ensure they have proper security in place for their home. What he is really doing, under this guise of being concerned for the homeowners’ security, is gathering information about which households will be gone from their homes, the days they will be gone, the time their automated lights are set to go on, the type of security they they are using, and basically everything else the residents readily tell the crooks about their home security.
The crooks are using social engineering to get this information to then commit their crimes!
This is what I pointed out to my 8- and 10-year-old sons as we watched, and explained how this was similar to how people try to get information through emails, instant messages, phone calls, and many other methods to then use it to commit fraud and crime. Even text messages are being used in social engineering attempts.
It was a really good discussion we had as we continued to watch the movie. My sons pointed out the types of information the crooks likely got while they pretended to be policeman as the crooks talked about knowing certain specific types of information about the houses they were in.
We also talked about the types of information that you should never give to strangers, no matter how official-looking they seem.
This is actually a pretty good movie to consider showing not only to your family to raise their awareness of social engineering attempts, but also to your personnel to stimulate discussion and raise their awareness of social engineering as well.
Many organizations show movies and have fun activities planned around this time of year. Consider showing this movie to your personnel and throwing in some informataion about your organization’s policies related to social engineering, phishing, and so on, while you’re at it. Provide some take-aways for them to take back to their desks to keep the topic in their minds.
If you don’t have “Home Alone” it is likely some of your co-workers do. If not, then you can probably check it out from your city or county library.
You don’t always need to show films specifically created for information security and/or privacy to raise awareness about information protection and privacy. There are many great mainstream films and television shows out there you can use. And, what’s good for your budget is that you can usually check them out from your local library!
I’ve got a long list of movies and shows, of varying lengths and topics, that are great for showing to your personnel to raise awareness; I’ll list them in a separate post.
Tags: awareness and training, Information Security, IT compliance, policies and procedures, privacy, privacy breach, privacy incident, risk management, security risk, security training, social engineering