Information security: Don’t be the elf who compromises Santa’s Naughty or Nice list

Monday, 17 December 2018

By Abigail Liu and Nigel Carson

The weeks leading up to the eve of Christmas is undoubtedly Santa’s busiest few weeks. He realises he hasn’t done nearly enough exercise this year and worries it may be the year his belly is too large to fit through the chimney. 

But there’s also something else that’s been niggling Santa of late. Rumours have been brewing that Santa’s most precious possession, his list of which children are nice, and well, not so nice, has somehow been compromised. There have been whispers that names of some of the most notorious naughty children have magically appeared on the nice list, and vice versa. In fact, the name ‘Master Grinch Junior’ was suspiciously on the nice list for the first time ever. Santa’s elves are confused – they have been vigilant with their data security, even going so-far as to change all their log-in passwords when prompted to do so by an email sent out from Santa warning them to be ever watchful of the Grinch. The email contained a convenient link that the elves could click on to change their password to Santa’s secure website which is where Santa keeps all his confidential information, including the naughty or nice list. 

As it turns out, that pesky email was not from Santa. After a thorough investigation it was revealed that the Grinch made a fake Santa website which perfectly mirrored the real one, and the link in the email routed all the elves to the fake site where they conveniently provided the Grinch their passwords. At present, the Grinch has declined to comment on the situation with a statement that he is away on a ‘phishing trip’. 

The findings from the security breach investigation have uncovered the following:



 

Two-factor authentication is an example of layered security which ensures the security of your account even if someone obtains your password. Two-factor authentication works by having the user input their password, and then verifying their identify through a second channel such as sending a randomly generated code via phone call, text message, or another email address. This may be seen as troublesome at first, but discretion should be used on when to apply this layer of security, and in weighing up the potential risks of not implementing two-factor authentication. 

Fraudulent emails pose a real risk to data security, with phishing emails being one of the most dangerous examples of email scams. These emails aim to solicit personal and financial information from the victim, and often pose as reputable companies in order to gain this information. Elves need to be aware of the dangers of clicking into links inside emails which require you to log in. It is safer to go directly to the site and log in, rather than through the link. 

Content filtering increases data security by assessing incoming emails for legitimacy. The program is then able to restrict or prevent access to flagged emails as a warning that the content comes from a suspicious source and should be treated with caution. Content filtering is not fool-proof, and elves should still receive regular training and participate in information sessions on protecting sensitive workplace data.

  
Data security is everyone’s responsibility, from Santa the head hancho, down to the woodworking elf’s apprentice. Don’t be the elf who unwittingly compromises Santa’s naughty or nice list!