
Show "Home Alone" To Raise Social Engineering Awareness

I hope those of you who celebrated Thanksgiving had a great one! I spent a very nice day with my family at my brother's house. After getting back home we decided to watch some Christmas movies, so we spent the evening watching one of my very favorites, "A Christmas Story" and then "Home Alone."

In case you're not familiar with it, in "Home Alone," a couple of crooks stake out homes to burglarize in an affluent Chicago neighborhood. Just before Christmas, one of the crooks dresses in a police uniform and goes from house to house to give each resident a "safety" talk and ensure they have proper security in place for their home. What he is really doing, under this guise of being concerned for the homeowners' security, is gathering information about which households will be gone from their homes, the days they will be gone, the time their automated lights are set to go on, the type of security they are using, and basically everything else the residents readily tell the crooks about their home security.

The crooks are using social engineering to get this information to then commit their crimes!

This is what I pointed out to my 8- and 10-year-old sons as we watched, and explained how this was similar to how people try to get information through emails, instant messages, phone calls, and many other methods to then use it to commit fraud and crime. Even text messages are being used in social engineering attempts.

It was a really good discussion we had as we continued to watch the movie. My sons pointed out the types of information the crooks likely got while they pretended to be policemen, as the crooks talked about knowing certain specific types of information about the houses they were in.

We also talked about the types of information that you should never give to strangers, no matter how official-looking they seem.

This is actually a pretty good movie to consider showing not only to your family to raise their awareness of social engineering attempts, but also to your personnel to stimulate discussion and raise their awareness of social engineering as well.

Many organizations show movies and have fun activities planned around this time of year. Consider showing this movie to your personnel and throwing in some information about your organization's policies related to social engineering, phishing, and so on, while you're at it. Provide some take-aways for them to take back to their desks to keep the topic in their minds.

If you don't have "Home Alone," it is likely some of your co-workers do. If not, then you can probably check it out from your city or county library.

You don't always need to show films specifically created for information security and/or privacy to raise awareness about information protection and privacy. There are many great mainstream films and television shows out there you can use. And, what's good for your budget is that you can usually check them out from your local library!

I've got a long list of movies and shows, of varying lengths and topics, that are great for showing to your personnel to raise awareness; I'll list them in a separate post.


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.