By Michael DeMarco on Wednesday, 25 December 2024
Category: BSSG Blog

A Christmas Carol (About Cybersecurity)

Every year around this time, some particular stories are often told as part of ongoing family tradition. We like to take some time and share some holiday stories of our own, slipping in our own lessons that mainly apply to the businesses we work with and amongst.

What follows is one of these tales.

Easton Scrooge stepped out of the front doors of Ebenezer Money Management, named for his infamous relative and the ridiculous story that so many associated with his legacy. He rolled his eyes and flipped up his collar to protect his neck from the bite of the cold winds whistling their way through the business district. 

Unlike his ancestor, Easton had no issue with Christmas—he loved it—and was tired of people hearing his name and assuming he had the same beliefs as old Uncle Ebenezer. He was the last person in the office by some time, as everyone else was sent home at noon with a full day’s worth of pay.

Shivering in the cold, Easton pulled out his phone and requested a car via his favorite rideshare app. A few moments later, he was in the backseat of a Honda CR-V Hybrid and on the way to his apartment.

A few hours later, after a lovely Christmas dinner with his partner and their beautiful child, still happily seated in a high chair, Easton was glad to settle into bed and sleep before Christmas morning's excitement. He smiled as he thought about the gifts he planned to give and how fortunate he was to be in the position to do so. His thoughts again drifted to his Uncle Scrooge and the supposed origin of his family tradition of bringing donated gifts and meals to the less fortunate.

It seemed this would be another wonderful Christmas as Easton fell into a deep, peaceful slumber.

However, when the digital readout on his alarm clock switched to 1:00 AM, Easton felt something jostling him awake. He opened his eyes and flew upright, startling a strange individual from his bedside.

The man staggered back, allowing Easton to get a clear view of him.

He was short, almost comically so, the tiniest pair of glasses with perfectly circular lenses perched on his nose. The smallness of these glasses was only accentuated by the size of the pale blue eyes behind them. He wore a visibly inexpensive suit, even without considering the giant block letters on his chest spelling out “P@SSWORD.” The figure seemed to gasp for air and produced a sheet of paper covered with scribbled writing from his jacket. He then used the paper to dab at his forehead, wispy grey hair floating in the air as though underwater.

“Goodness, you startled me.” His voice was reedy and seemed too loud to come from such a slight figure.

Despite the ridiculousness of the situation, the young Scrooge couldn’t help but feel indignant.

“I startled you? This is my home! Get out before I call the cops!”

The stranger shrugged, gesturing toward the mobile phone charging quietly on the nightstand.

“You’re welcome to try.”

Incredulous at the intruder’s apparent casualness at the thought of the police coming around, Easton reached for his mobile phone. He became all the more incredulous when his hand passed right through the phone and into the nightstand itself.

“Wait, what?”

At this point, Easton fully got out of bed to thoroughly examine the nightstand, and as he did so, he saw that he was still lying motionless under the covers and that his partner hadn’t stirred in all the commotion.

The young Scrooge reeled back, his incredulity swiftly shifting into fear.

“How is this possible?”

The intruder seemed to gather himself before answering.

“I am the Ghost of User Error, and much like your ancestor Ebenezer was visited to allow him to change his ways, I am here to warn you that—without actual change across your business—you and your entire team are doomed to suffer a life of ignominy and poverty.”

Easton Scrooge could hardly believe what he was hearing. Were the stories about Great Uncle Ebenezer true?

The spirit continued:

“Tell me, what password do you use to protect your business’ data?”

Easton felt himself blush, which he never thought a spirit could do. He answered truthfully, “JacobMarley1843.”

The Ghost of User Error looked aghast. He shook his head and sighed.

“And I thought I was terrible at cybersecurity… you never use anything that could be tied back to you as a password! Ever! What passwords do your business’ social media accounts use?”

Easton admitted, “JacobMarley1843.”

“All of them?”

Easton nodded.

“And your business email?”

“The same.”

Again, the Ghost of User Error sighed, shaking his head.

“Well, you clearly know Ebenezer’s story, so you can probably guess what comes next: I will show you what could and likely will happen if you don’t improve your password practices.”

Easton nodded. After all, resisting had done nothing for old Ebenezer, and he still wasn’t convinced this wasn’t all a dream.

Nodding back, the Ghost took the mobile device off the nightstand without issue and, when prompted to put in a passcode, simply pressed zero four times. The phone suddenly received a text message with a photo attached. The Ghost handed the phone to Easton, who found he could now also take ahold of it.

The young Scrooge looked at the photo his phone had received and saw it was someone else’s office, dozens of workers typing away at professional-looking workstations. Some were carrying out conversations on the phone, while others were carefully crafting text messages. Scrooge looked up, only to find his bedroom had vanished, and he was standing in the same office he had seen on his phone. Nobody seemed to notice him standing barefoot in his flannel pajamas.

The Ghost wordlessly guided him to a certain user’s workstation.

Scrooge looked over the worker’s shoulder and was shocked to see that they were accessing his business email account, his business’ social media presence, and all of his business’ internal data and trade secrets. He looked at the Ghost for some explanation, and the Ghost simply pulled out an old-fashioned pocket calendar book. Opening it to December 24th, the Ghost of User Error flipped back a few pages, landing on October 15th.

As he did so, the office around them started working in reverse, time sliding backward as day became night and back again with all the users moving about, undoing various tasks, and untyping words on their keyboards. 

Suddenly, everything stopped moving in reverse. Easton Scrooge found himself standing behind someone holding a very familiar phone conversation. While he could only hear half of the conversation, he knew what was being said. He was the one who had said it.

“Ah yes, Mr. Scrooge, thank you so much for calling us.” The man seated at the workstation spoke professionally and clearly, just as you would hope a support professional would after you’d responded to an email warning you about a potential issue with your account… as Easton had, on October 15th.

“I can certainly help with that, sir. First, I’ll need you to confirm your username and password.”

Easton grimaced. He remembered that he had been only too willing to provide both. In front of him, the man carefully recorded his answers.

“Okay, now let me check something out for you. Let’s see…”

The young Scrooge remembered how anxious he had felt for these moments and got a little angry to see the man before him take a few more sips of coffee and wait before speaking up again.

“Good news, sir, your account was not impacted by this event. You have nothing to worry about.”

Scrooge gnashed his teeth as he recalled how much relief these words were to hear and how enthusiastically he had thanked the scammer.

“It truly is my pleasure to help you, sir. I hope you enjoy the rest of your day.”

Easton Scrooge watched as the man then took the information that Scrooge himself had provided and started plugging it into a litany of other websites and accounts. He winced as Facebook, LinkedIn, his email, his work accounts, his banking applications, and so many others were swiftly accessed by this scammer. He groaned as he realized how many had a credit card linked for convenience.

At his shoulder, the Ghost of User Error shook his head in pity. He then spoke up in his thin, reedy voice.

“I think we’ve seen enough.”

With that, the Ghost reached over to the phone still grasped in Easton’s hand, redialing the four zeroes he had before. Scrooge blinked and found himself back home, next to his sleeping body. 

He looked at how peaceful he seemed, unaware of what had happened. He saw his partner, with whom he shared a trust he feared would be broken by the ramifications of his mistake.

He thought of their child, sleeping peacefully in the next room, and how drastically life would change for the innocent one he was supposed to protect. He thought of his team, who relied on him for their livelihoods, and how this could impact them in many ways. His thoughts then turned to all the records his business kept on the clients they had signed over the years and how they might be abused with the information stored by Ebenezer Money Management.

As the weight of his error truly settled on his shoulders, Easton Scrooge began to cry… and while not as dramatically as his uncle did, turned to the spirit by his side and began to plead.

“Please, spirit, help me make this right. My family and my team… none of them deserve to suffer because of my mistake. How can I protect them?”

The spirit smiled, proud that Scrooge had not shied back from his responsibility in the matter. Gently, he reached out his hand and took young Easton by the shoulder.

“Do not fret. I have not shown you things that have happened… not yet, anyway. I have simply shown you a real future you could face if you don’t improve your password practices.”

Easton couldn’t believe his ears. He still had a chance?

“How, spirit, tell me what I can do to protect those who rely on and trust me?”

“All you must do, Scrooge, is always keep the spirit of cybersecurity at the top of your mind. Use different passwords for each account, each unique and difficult to guess by either man or machine. Implement a password management system to help you keep track of all these credentials by storing them in a single, encrypted vault, only accessible by a single password for you to remember. Keep an eye out for any data breaches your data may have been involved in, and update your access credentials if there is a chance they may have been compromised. 

“Follow these standards in both professional and personal life, and share these values with your team and loved ones. This is how you free yourself of this future and its consequences.”

Like his ancestor was so many years ago, Easton was filled with joy and resolve as he realized what difference a few changes could make.

“I will, spirit! I will honor cybersecurity in my heart and keep it all year! The lessons I have learned shall strive within me. I will not shut out these lessons; I will share them with others!”

After that night, Easton had no more interactions with the Ghost of User Error. Still, he did change all his passwords and provided a password manager for his entire team at Ebenezer Money Management. He now knew how to keep his data and the data his clients entrusted to him secure.

Leave Comments