Bob Newhart And Cybersecurity
Key Points in This Article:
- The comedian Bob Newhart’s classic MADtv sketch holds a valuable lesson that applies directly to cybersecurity.
- To stop bad outcomes, we must stop the behaviors that lead to them.
- We must flag suspicious emails and stop following their instructions to secure our businesses.
There’s an invaluable lesson Bob Newhart can teach you about cybersecurity.
For younger readers, the name Bob Newhart may not be familiar. He is a famous comedian, most commonly associated with his eponymous sitcom, “The Bob Newhart Show,” though his television and film career spans decades.
There’s a classic sketch from the comedy show “MADtv” in which Newhart guest stars. He plays a psychiatrist (much as he did on his sitcom) counseling a woman who comes into his office to share her fear of being buried alive in a box.
“I’m going to say two words to you right now,” Newhart says. “I want you to listen to them very, very carefully. Then I was hoping you could take them out of the office with you and incorporate them into your life. Shall I write them down?”
“Well, if it makes you comfortable,” says the nervous patient.
“It’s just two words; we find most people can remember them,” he continues. The patient takes a pen and pad out of her purse anyway. He waits for her to get ready. Then he leans forward and shouts: “Stop it!”
She’s understandably flustered, but he repeats himself, then spells out the words. As she struggles to compose herself, he reiterates her fear and then tells her, repeatedly, to stop it.
Part of the humor is that when we speak with psychiatrists, we typically describe complex problems and often get complex answers, sometimes over a long course of treatment. Newhart’s character reduces all of that complexity to a single, simple action step.
It’s an action step we’d do well to remember.
Bob Newhart and Cybersecurity
It’s easy to get lost in the complexities of information technology. After all, IT can be complex: many moving parts, many users, and lots of jargon. Cybersecurity is no different. As IT evolves, so do hacking schemes and attacks.
Many of them come with complex names. And many hackers use sophisticated approaches to get what they want.
Take phishing. Attackers design and distribute authentic-looking messages to dupe you into handing over sensitive information or downloading malicious software.
There are many variations, from spear phishing to whaling to angler phishing. There are many different threat actors, from your run-of-the-mill cybercriminal to hackers working to advance ideological agendas to agents of foreign nations. And there are many different things they could be after, from your financial info to proprietary information to bragging rights.
This is getting complicated.
And the hacker will use emails that seem credible. You could get an email that appears to be from your accountant asking you to transfer $5,000 to a vendor’s account today to cover a past-due payment. Or you might get one from your IT department indicating they need you to download a specific application now, or your device could be at risk.
Phishing schemes themselves can be complicated. And they can be costly: a frequently cited estimate holds that 60 percent of small companies hit by a successful breach cannot withstand the financial cost and go out of business within six months.
60 percent. More than half.
And if that’s got you wondering what to do, part of the answer comes down to Bob Newhart’s sketch. Sure, you can buy all kinds of complicated security measures to reduce the number of phishing emails landing in your inbox or your employees’ inboxes. Likewise, you can use many sophisticated applications to monitor your network activity, detect intrusion attempts, and quarantine any infected systems.
All of these things have merit. And they’re complicated.
But there’s a straightforward thing.
One thing you need to do – you absolutely must do – is to “Stop It.”
And you have to train your employees to “Stop It” as well.
Preventing Phishing Schemes from Succeeding
More often than not, attackers succeed because we fail. A security patch wasn’t applied. Someone left a device unlocked and unattended in a public place. End-of-life software hasn’t been replaced. Default passwords were never changed.
Human error aids hackers and criminals immensely.
Nowhere is this truer than in phishing attacks. Phishing emails urge, demand, or threaten us into taking some action, whether sending someone information or downloading a file.
But there are usually some signs that the email is fraudulent:
- You’ve received the email out of the blue
- The email has many grammatical errors and inconsistent formatting
- The sender’s actual address is on a domain that doesn’t match the organization or person the display name claims (check the address itself, not just the name)
- Links are broken, or the visible link text doesn’t match where the link actually goes (hover before you click)
- The tone seems unusual for the supposed sender
- The request is urgent, but you’ve received no other communication about it
- The request contradicts internal financial or IT policies
- The email contains attachments with unfamiliar file extensions, or with an executable extension hidden behind a familiar one (such as invoice.pdf.exe)
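Several of the signs above can be checked mechanically before a human ever reads the message. The script below is an added example, not code from the original article: it parses a raw email with Python’s standard library and flags a display name that advertises a different domain than the real sender address, a Reply-To pointing at a third domain, link text whose host differs from the link’s actual destination, attachments with executable or script extensions, and urgency wording. The two sample messages, their domains, the keyword and extension lists, the crude link regex and the two-indicator threshold are all constructed assumptions for illustration, not a vetted policy.

```python
# Added example (not from the original article): turns several of the
# warning signs listed above into checks that run over two constructed
# sample messages. Keyword and extension lists, the crude link regex and
# the two-indicator threshold are illustrative assumptions.
import os
import re
from email import message_from_string, policy
from urllib.parse import urlparse

RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".iso", ".lnk", ".bat", ".cmd"}
URGENCY_WORDS = ("urgent", "immediately", "today", "suspended", "past due")
DOMAIN_RE = re.compile(r"[\w-]+(?:\.[\w-]+)*\.[a-z]{2,}")
# Good enough for a demo; production code should use a real HTML parser.
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)


def _host_of(value):
    """Hostname of a URL, or the value itself if it already looks like a host."""
    value = re.sub(r"<[^>]+>", "", value).strip().lower()
    if "://" in value:
        return urlparse(value).hostname or ""
    return value if DOMAIN_RE.fullmatch(value) else ""


def phishing_indicators(raw):
    """Return human-readable indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    hits, text = [], (msg["Subject"] or "").lower()
    sender = msg["From"].addresses[0] if msg["From"] and msg["From"].addresses else None
    from_domain = sender.domain.lower() if sender else ""

    # Sign: the display name advertises one domain while the address is on another.
    claimed = DOMAIN_RE.search(sender.display_name.lower()) if sender else None
    if claimed and claimed.group(0) != from_domain:
        hits.append(f"display name claims {claimed.group(0)} but sender domain is {from_domain}")

    # Sign: replies are quietly redirected to a third domain.
    reply_to = msg["Reply-To"]
    if reply_to and reply_to.addresses:
        rt_domain = reply_to.addresses[0].domain.lower()
        if rt_domain != from_domain:
            hits.append(f"Reply-To domain {rt_domain} differs from From domain {from_domain}")

    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/html":
            html = part.get_content()
            # Sign: link text shows one host while the href goes somewhere else.
            for href, shown in LINK_RE.findall(html):
                sh, rh = _host_of(shown), _host_of(href)
                if sh and rh and not (sh.endswith(rh) or rh.endswith(sh)):
                    hits.append(f"link text shows {sh} but points to {rh}")
            text += " " + re.sub(r"<[^>]+>", " ", html).lower()
        elif ctype == "text/plain":
            text += " " + part.get_content().lower()
        # Sign: attachment carrying an executable or script extension.
        name = part.get_filename()
        if name and os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS:
            hits.append(f"attachment {name} has a risky extension")
    # Sign: pressure language pushing the reader to act before thinking.
    found = [w for w in URGENCY_WORDS if w in text]
    if found:
        hits.append("urgency wording: " + ", ".join(found))
    return hits


def is_suspicious(raw, threshold=2):
    """Assumed policy: two or more independent indicators means hold it and report it."""
    return len(phishing_indicators(raw)) >= threshold


# Constructed sample messages; every domain, name and address is made up.
SAMPLE_PHISH = """\
From: "accounts@acme.com" <billing@acme-invoices.net>
Reply-To: payments@acme-support-desk.biz
Subject: URGENT: past-due invoice must be paid today
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Jane, this invoice is past due. Pay immediately at
<a href="http://acme-invoices.net/pay">https://portal.acme.com/pay</a>
or your account will be suspended.</p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

TVqQAAMAAAAEAAAA
--b1--
"""

SAMPLE_LEGIT = """\
From: Jane Doe <jane.doe@example.com>
Subject: Notes from the Tuesday meeting
Content-Type: text/plain

Bob, the meeting notes are on the wiki at https://wiki.example.com/notes
"""
```

Run `phishing_indicators(SAMPLE_PHISH)` and every check fires, while `SAMPLE_LEGIT` produces none. None of these heuristics is proof on its own; the point is that each one is a prompt to stop, verify through a channel you already trust, and report, rather than a verdict in itself.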
And, consumed by our day-to-day work lives, we don’t look for these signs. Or we see them, ignore them, and do exactly what we’re asked to do to move on to the next thing on our list.
Or, even though we know there’s something not quite right about the email, we find ourselves compelled by its sense of urgency. Maybe it seems to have come from our boss, and we don’t want to risk incurring their wrath by calling them to double-check the request.
Or, we recognize it is a phishing scam but don’t report it to IT, figuring it’s obvious enough and that all staff should recognize it as clearly as we do.
To all of these destructive behaviors, we say, “Stop it.”
Stop ignoring your gut.
Stop avoiding your responsibility to scrutinize your emails.
Stop neglecting your obligation to flag suspicious ones for investigation.
Stop skipping the check: confirm with the apparent sender, by phone or another channel you already trust (never by replying to the email itself), that they really sent it.
And above all else, stop doing what these emails say.
Stop handing over your password, corporate credit card info, or server login credentials.
Stop downloading attachments with file extensions you don’t recognize.
VPNs, encryption software, firewalls, password managers, secure devices and Wi-Fi, antivirus software, supported software, and network monitoring are all very important. But they won’t protect your business if you or your employees hand attackers the keys every week.
You must train your employees to recognize and flag suspicious emails, not respond to them.
When it comes to fraudulent requests, your employees must “Stop it.”
And when they’ve mastered those two simple words, your business will be much safer.