1-“In a study done in London, people in subway stations were offered a cheap pen
Question
1- “In a study done in London, people in subway stations were offered a cheap pen in return for disclosing their passwords. About 90 percent offered their passwords in return for the pen. What can be done to get people to take security more seriously?”
2- Two cases are possible depending on whether people have IT skills or not. Describe how you can convince a person you know of the importance of protecting his password in both cases.
o Case 1: a person has IT skills
o Case 2: another person does not have any skills
Note: please, no plagiarism, and the answer should be with regard to the course of Ethics.
Explanation / Answer
Please follow the below article :
The importance of passwords :
Passwords ensure the security and confidentiality of data that is stored on various workstations and servers across campus. Some of this data includes student and employee names and addresses, grades, evaluations, timetables, payroll etc.
It is your responsibility as a user, to make sure that all your account passwords are as difficult to guess as possible.
Did you know that…
a) a weak password can allow viruses to gain access to your computer and spread through the University of Ottawa’s network?
b) an easy-to-guess password can allow hackers to use your computer to hack into other computers connected to the University’s network?
c) these same hackers could use your e-mail account to send malicious messages to everyone in your address book, Inbox and others?
d) you could be held legally responsible for any damage caused by someone using your account?
Don’t use…
a) previously employed passwords or variations of them
b) proper names,
c) words from the dictionary,
d) common character sequences such as “123456”, mar2004
e) derivatives of user-IDs,
f) personal details such as variations of your own name, your spouse’s and pet’s names, license plate numbers, social insurance numbers, and birthdates
Do's…
a) create passwords that are at least 10 characters in length
b) create passwords that are difficult to guess
c) use at least three of: alphabetic, mixed case, numeric and punctuation characters when creating a new password
d) vary the case of the letters, such as jSno34Rt
Tip 1 : Think of a full sentence. Now take the first letter of each word from that sentence and add a few digits to the end.
Tip 2 : If the system allows for long passwords, use a pass phrase. A pass phrase is easier to remember than a short, complex password, and is usually faster to type in as well. For example, consider the sentence, "I think, therefore I am." Use the complete sentence as your password. Remember that a proper sentence has punctuation and upper/lower case characters, so use a combination of these in your pass phrase. Our Active Directory accounts support pass phrases.
Two cases are possible depending if people have skills on IT or not :
Case 1: A person has IT skills :
My recommendation is to show them what implications this may have for his business. Especially emphasize the fact that if you got attacked and information gets disclosed (you can provide him with examples of other companies that got hacked like LinkedIn or Yahoo) the reputation of his company is at stake. Especially when dealing with sensitive data. Also do remind him he (yes he personally) can be held liable for a breach if he was informed that he did not do enough to protect the system. (You could also say because he was informed beforehand that there was a breach, but that might be considered too much of a threat).
The best way to go is to point him to the laws, industry regulations, and real world cases where companies have lost their shirts and executives walked out the door or sent to prison for breaking them. Nothing motivates execs like personal risk. Make it apply to them, not just to the company. You can talk about best practices and industry standards, or even how audits require these things, but they may not care unless you show that by not caring things could get real ugly for them.
Case 2 : Another person does not have any skills :
Let me also bring up something that psychologists call “protection motivation theory.” This theory says that the main reasons people don’t act in the face of a likely threat are that they don’t believe
(1) that they are vulnerable,
(2) that the threat is severe, or
(3) that any action will really keep them safe.
So, the question becomes, can I—and apparently lots of people like me—overcome both rational inattention and the protection motivation theory to be made to believe that hacking threats are a real danger to us, and that there are things we can do to protect ourselves?
I believe the answer is yes. And as a marketing professor and a behavior-change expert, I have come up with five recommendations for ways to increase protection motivation.
1. Make the threat more personal :
Instead of simply asking people to add anti-spyware programs, ask people questions that make the threat hit home. Ask, for example, if they want to know when someone may be spying on them. Last year, after consumer accounts at major retailers like Target and Home Depot were breached, I declared myself invulnerable because I don’t shop at either of those stores. I would have paid more attention if I was prompted to consider the possibility of my favorite retail outlet being the next target.
2. Make the protection more relevant and easier to understand :
It is more difficult to deny threats when you can see yourself being attacked or find out that you cannot depend on safety in numbers.
For example, when I read the news that a Russian crime ring had stolen 1.2 billion username and password combinations, I figured I was pretty safe since there are seven billion people on Earth. I would be more motivated to protect myself if I was told the Russian crime ring was targeting American women. Similarly, I would be more motivated to upgrade my software if the accompanying message from the software company explained how I am receiving greater protection instead of just telling me I am getting more sophisticated stuff.
3. Cut the number of steps :
The less we have to do to gain security, the more likely we are to do it. For example, systems could be designed so that computers don’t have to be plugged in to receive software downloads; companies also could reduce the need for users to act by making antivirus software the default. If some types of auto-upgrades are impossible, people can be nudged to protect themselves by being asked to choose between two options: I want the new software because I want to protect the information on my computer, or I do not want the new software even if the information on my computer is less protected.
4. Provide an effective solution :
When a practical solution is offered, we are more likely to change our behavior. The use of digital fingerprints is easy and foolproof: A fingerprint is hard to copy and never changes. Or let someone (or something) else, like a password manager, generate passwords and save users’ credentials for each website. My research shows that people are willing to acknowledge they are at risk if they believe there is something they can do to protect themselves. For example, there are smokers who are not willing to do something about quitting smoking—which entails believing that they are at risk of getting lung cancer—until they are shown how easy it is to use a nicotine patch.
5. Overcome cognitive barriers :
The biggest deterrent to complying with cybersecurity guidelines is remembering a random sequence of letters, numbers and symbols. If a new password is difficult to remember, train people to create complex passwords they can remember even if they are not linked to personal information—iLove25leep247! And pick something that makes you happy, because bundling something positive with something negative is the best way to make the negative less negative.
Hope this is helpful.
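The "Don't use" and "Do's" lists and Tip 1 from the answer above, written as a password check; this is an added example, not part of the original answer. The word list, the sequence list, the rule names and the user ID `jsmith` are constructed for illustration, and reading "alphabetic, mixed case, numeric and punctuation" as four separate properties is an assumption.

```python
import re
import string

# Constructed sample lists (assumption): a real check would load a full
# word list and a breached-password corpus instead of these few entries.
COMMON_SEQUENCES = ("123456", "abcdef", "qwerty")
DICTIONARY = {"password", "welcome", "sunshine", "dragon"}

def core(pw):
    """Lowercased letters only, so 'Dragon2004!' and 'dragon' compare equal."""
    return re.sub(r"[^a-z]", "", pw.lower())

def class_count(pw):
    """How many of the four listed properties hold: alphabetic, mixed case,
    numeric, punctuation."""
    has_lower = any(c.islower() for c in pw)
    has_upper = any(c.isupper() for c in pw)
    return sum([
        has_lower or has_upper,
        has_lower and has_upper,
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])

def check_password(pw, user_id, previous=(), personal=()):
    """Return the rules from the Don't/Do lists that pw breaks (empty = ok)."""
    low, uid, base, problems = pw.lower(), user_id.lower(), core(pw), []
    if len(pw) < 10:
        problems.append("too_short")
    if class_count(pw) < 3:
        problems.append("too_few_classes")
    if any(seq in low for seq in COMMON_SEQUENCES):
        problems.append("common_sequence")
    if base in DICTIONARY:
        problems.append("dictionary_word")
    if uid and (uid in low or uid[::-1] in low):
        problems.append("derived_from_user_id")
    if any(p and p.lower() in low for p in personal):
        problems.append("personal_detail")
    if base and any(base == core(old) for old in previous):
        problems.append("variation_of_previous")
    return problems

def from_sentence(sentence, digits):
    """Tip 1: first letter of each word, then a few digits."""
    return "".join(word[0] for word in sentence.split()) + digits
```

Run against the strings quoted in the answer, `jSno34Rt` is reported as `too_short`, while the pass phrase from Tip 2 and `iLove25leep247!` return no violations.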