What do you do when you find an unlocked computer in your office? Does it make you cringe? Have you ever been to a coffee shop, conference, or even walking around your office to see a random computer sitting there completely unlocked while unattended? Depending on your position, you may not even notice, but hopefully after today you will keep your eyes peeled. We are going to talk about what led our team to creating UnlockedComputer.com
and how you can use this free tool from Curricula to help educate your employees about the risk of leaving their computers unlocked.
What led us to launching this free tool?
A few months ago I posted a question on LinkedIn asking what companies currently do when they find an employee’s computer unlocked. The question was more about how do companies educate their employees about not leaving their computers unlocked. Hundreds of thousands of views and comments from around the world came in, and we didn’t really see an answer we loved. It was starting to become apparent that the community doesn’t have a great answer to helping their employees lock their computers.
What were the answers?
[image url=”https://www.curricula.com/wp-content/uploads/2019/10/david-hasselhoff.jpg?v=1″ caption=”David Hasselhoff in the original ‘Baywatch’ TV series (Photo: BBC)”]
David Hasselhoff was hands down the most popular answer. The Hoff was just flat out replaced as the desktop background image. When people see an unlocked computer, there is some type of magnetic pull that leads them to putting a picture of David Hasselhoff on the desktop. Don’t get me wrong, a memorable picture of the Hoff clearly has made an impact on its victims. I still don’t really know why he has become the worldwide star of this phenomena, but this is the reality we live in today. But what else was out there to help change behavior of leaving computers unlocked?
Other responses to the question included,
[blockquote]”I slam the clean desk policy back in their face.”[/blockquote]
Some said due to corporate rules, an employee can’t touch another employee’s laptop. This is definitely an interesting legal approach to securing accounts, but we still didn’t see an answer to help educate the employee. We also ran across companies that would encourage sending a public email out to the entire staff from that employee’s email account. The email would say something like “I am writing this to let you know that I left my computer unlocked and I didn’t send this email.” A bit aggressive, but apparently it got the point across very quickly on why you shouldn’t leave your computer unlocked. This didn’t resonate well with employees and created quite a bit of resentment amongst the employees.
We did see a positive answer to enforce locking computers with technical controls through Active Directory or other device management services. This is a great start and definitely puts some guardrails up for employees. Personally, I setup hot corners on my computer. It’s become instinctual to throw the lock screen up, even when I am working at home by myself. I know others that do the same, it has become a habit to lock their computers. It is actually hard not to lock the computer and for some people, it feels like something is missing if they don’t. We knew that we could help promote locking computers around the world, but we needed a creative way that can help everyone in that mission.
How we are going to help
Curricula spent some time after this initial research to continue to find out how others are dealing with the issue of unlocked computers internally. The answers were still clearly not there. People from all over the world responded with the same old boring approaches that we already heard. Pointing back to the policies, booking a 1-hour mandatory remedial training discussion (sounds horrible), signing them up for more Death by PowerPoint sessions in their LMS, and otherwise doing nothing. With today’s fascination behind running endless phishing tests, we wanted to prove that a security awareness program should do more. A powerful security awareness training program
should be designed to build a culture with your employees.
We launched UnlockedComputer.com
to do just that. Easy to remember and as an extension to the Curricula app, anyone can use this tool to help educate people on why they should lock their computers. The moment is brought to life with one of our favorite beloved characters DeeDee. DeeDee is a villain in the Curricula universe that uses all types of tactics to hack her victims, even if it’s just for concert tickets. DeeDee even brings our phishing simulator full circle and keeps employees on their toes with her simulated phishing tests
. So stop making DeeDee’s job easy as a hacker, and lock your computers! We even include a few training steps that can help guide employees how to lock their own computer on a Windows machine or a Mac.
IT Admins and employees (with permission of course) can simply display unlockedcomputer.com
on the web browser for the device that was left unattended. This will display a simple training page that will showcase DeeDee and help employees learn why and how they can lock their computers. Enjoy and if you have a ton of complex legal rules at your company, don’t worry you don’t need to use this tool! Our team just wanted to make a simple and fun option for everyone to educate their employees about securing their devices and keeping them locked when unattended.