Important security stories and tips to be shared.

And I bequeath Monkey123!  (my master password) to ...    
Recently, I went through the process of updating my "last will". I could tell it had been a while since I last did one because I don't remember the lawyer asking me questions like, "What do you want to do about your passwords and digital assets?"   
Of course, nobody expects to leave this world without having made sure their affairs are in order, but my guess is that the majority of the time, anyone who dies before they planned to retire may have left a few mysteries behind for their surviving loved ones to figure out.

Planning to recover from the Ultimate Disaster

Ever since we came to realize that passwords were needed to keep the bad guys out of our stuff, we have been told to be so secretive with passwords, that unless we put some kind of plan in place, it's unlikely that any of our surviving loved ones will know how to access things like:
  • devices such as smartphones, USB drives, etc.
  • electronic documents
  • electronic receipts
  • email accounts
  • digital music
  • digital photographs
  • digital videos
  • software licenses
  • social network accounts
  • file sharing accounts
  • ...and several other possible types of information that may be important for those around you to be able to access in your prolongued and unexpected absence

Without planning to transfer your login or access information for these things, your estate's executors and/or trustees will likely have to go through expensive and time-consuming processes to prove you are deceased, and to obtain custody of your important passwords and digital assets.  Sometimes, it's not even possible. 
Here's an interesting story that illustrates how a cancer fighting blogger's family was  put in a difficult spot after he died. (Note that I obviously don't endorse the recommendations of the "marketing consultant" interviewed at the end of the article who says to store all your passwords in an online email account, just in case...)  
For employees who have password access to network resources, it's usually not hard for system administrators to assign or assume access rights. But there could be other assets related to work that are important to your employer, and it's possible that nobody else may be able to access them when you're gone - via death or some sudden parting of ways.  
If you're a business owner, there are also a lot of things that you might need to consider in terms of who needs to access accounts and devices if you die.   
Password managers can help a lot for enabling access to your digital assets   
As many of you know, I use a password manager called  LastPass to manage all of my passwords, as well as other important notes and information such as software license keys.

I'm not sure about other similar tools, but LastPass has a Family Sharing feature, where you can put some accounts and information into a folder you can securely share with others who have their own account using the same tool, so they have access. This is a great feature while you're living, but could be especially useful in the worst case scenario for ensuring that others have access to your important information when you die.

Security Tips...


Take a few minutes (or hours) to write down all of the accounts and digital assets that might be important for others to access if you die.  If you can, use a password manager to securely store those details, and provide a secure way of sharing them with other trusted individuals if you die. 


Depending on the situation, you may or may not care if your employer has access to all your accounts, devices and other information that may not have been backed up on a corporate network. But as a courtesy (or it may be corporate policy), you should ask your manager or IT Service desk about contingency planning for any important information that may not be backed up automatically.

When doing business continuity and disaster recovery analysis and planning, make sure to consider those digital assets that might not be regularly backed up. Who has access to them, and what can you do to ensure that information is not lost, and that people know how to secure it for the business (not just for themselves)?  
If your business relies on information that may not be automatically backed up, you can call me to discuss how we can design contingency procedures and communicate them to staff. 
All the best,

Scott Wright 
The Streetwise Security Coach

Security Perspectives Inc. 
Phone: 613-693-0997 


Security Perspectives Inc. believes that businesses benefit when employees understand how cyber security risks impact their jobs and personal lives.

With this understanding, employees can make better decisions that make the organization more productive.

We work with your team to help employees make the best use of available security technologies, to manage cyber security risks intelligently."

- Scott Wright

Where I'm presenting ...

The American Society for Quality
in Toronto on October 11, 2017
(Cyber Security Risks to Business Performance & Quality) 

The American Society for Association Executives
via Webinar on October 25, 2017
(Phishing and Malware Risks to Businesses)


October is
National Cyber Security Awareness Month!

Ask me how to arrange a free presentation to your group.


What I do for fun?

In a recent conference presentation, I walked on stage wearing Virtual Reality gear to make an important point...

This... is the future of Security Awareness Training...

If you'd like to know more about this presentation, or need a way to wake up your audience, just let me know.


"To Secure the Future of Your Business,  
Start With a Streetwise Team"

Every business has a unique set of industry terminology, risks and policy requirements. Shouldn't your security awareness program be communicating to employees in the language and context that hey can understand?

Streetwise Security Awareness Programs from Security Perspectives can provide tailored, auditable education and assessment solutions that fit your team like a glove, to improve compliance, reduce risk and increase productivity.  
To find out how to implement an awareness education and assessment program for your organization, simply reply to this email, or contact Scott at 613-693-0997.