28 days of awareness: day 15

The security awareness seminar slide decks are coming along nicely. Today we picked up on 'bluff ransomware' (a form of scareware that displays a warning message and ransom demand without the system lock-out or data encryption) and 'Ransomware as a Service' (malware for rent). 

The management seminar now includes a tip in the notes about insisting on 'proof of life' i.e. making part-payment first and checking that you can recover some of your data before completing the deal ... if it turns out - due to inadequate preparation - that you have no alternative but to pay the ransom to get your system/data back. 

By the way, it should be obvious from the management presentation thumbnails above that we much prefer graphics to plain bullet points or solid blocks of text when presenting stuff. The slides may not be entirely self-evident, though, so we invest nearly as much time in writing the accompanying speaker notes (not shown here) for the benefit of the presenters and (if printed as handouts) the audience. Also, the slides are animated where it makes sense - nothing too fancy, mostly just smooth transitions from one slide to the next plus sequential builds on some slides. Rather than force the poor presenter to [click] [repeatedly] [and] [laboriously] [through] [each] [and] [every] [single] [bloody] [item], we mostly use automatic/timed sequences to reveal the full slide over a few seconds without presenter inputs, allowing them to continue speaking to and interacting with the audience, uninterrupted. It illustrates the value of doing this stuff for a living: do you know how to make good use of animations? Do you have the time and energy to make your presentations spring to life? Are you a competent, experienced and confident presenter/trainer?

Another big advantage of using graphics such as mind maps in presentations is that the presenter can either linger and expand on a slide that catches his/her or the audience's attention, or otherwise move swiftly ahead. It's a very flexible presenter-and-audience-friendly style that we've developed over many years. The underlying aim is to fire up the imaginations of those who 'think in pictures' and those who don't.

Creating a more authentic [and yet fake, I hasten to add!] ransom note from yesterday's newspaper headlines was easier than I thought. This work of art took about 10 minutes with a craft knife, a sheet of paper and a glue stick - more fun and quicker than Googling for a suitable font, even if the office now looks like the Blue Peter studio.

Question is: should I now shred the message before recycling it? And should I shred the tattered remains of the newspaper too, in case some enterprising official decodes the gaps? In infosec, paranoia is an occupational hazard!