Lax security? Now you're stuck, sucker

Sometimes a security lesson has to hit them where it hurts before the user learns

Lax security? Now you're stuck, sucker
Paul Townsend (Creative Commons BY or BY-SA)

When I started in the world of computers in the 1990s, people weren't too secure in their daily habits with the office PC. Viruses like Melissa had not yet emerged on the world stage, and of more concern was other co-workers reading your emails -- and the kinds of problems it could cause. As I began an internship at a large multinational corporation in a nearby city, I soon found out.

Fresh out of college, I was used to locking my computer screen before rising from my seat, as we students tightly guarded our work. The competition was fierce to produce new code or solutions to problems the professors proposed. Everyone wanted to be the next coding wizard, so we secured our efforts before getting up and walking away.

At my internship, people were already employed and the competition was not as dogged. I advised them to take precautions when they left their computer unattended, but as I walked around the office to fix printers and answer questions, it was not uncommon to see most of the PCs left logged in and not protected -- even in the IT department. For people at this company, convenience outweighed concerns.

Peer pressure sets the stage

The corporation was very much into “community service.” Emails continually arrived, soliciting blood donations, help with landscaping for local parks, and hours at the local food bank. Everyone felt a hint of pressure to do a certain amount of “volunteering” to keep in the hunt for promotions but not rob too much from their personal life. But one day, an event prompted people to change their minds about their computer screens.

I was busy coding when I heard an expletive from across the floor. Figuring it was a computer problem, I went to investigate.

Imagine my surprise to find an employee sitting still and staring at the screen with his mouth agape. I inquired into the problem, as all seemed fine at first glance. He sputtered that he’d gotten a reminder that he had volunteered several months before to help with spring cleanup at a local park on the upcoming Saturday -- but he hadn’t signed up for it! How did this happen?

Then the light came on.

A breach into free time 

When the email was first sent eliciting help, he had read and ignored it. However, he’d left his computer on at lunchtime, and a sneaky co-worker had taken advantage and “volunteered” him. Now he was trapped and afraid to decline (a sin worse than not volunteering). He had to change his personal Saturday plans so that he could clean the park.

It was very easy to convince him to set a password on his lock screen, and he begged me not to help anyone else do so until he had his revenge on the person who had done this dastardly deed. Ah, corporate America -- live and learn.

Through this experience, I also found that though your advice may be wise, an example that hits someone where it hurts carries much more weight. At least it wasn’t a more nefarious act -- this time.

Copyright © 2016 IDG Communications, Inc.