Author Archives: enicaise

User-Interface design: an overlooked security matter

Human error is one of the most overlooked threats to most IT systems. A low level of user acceptance of the security features can be one of the most challenging parts of the transformation of a company into a secure organization.

KISSS: Keep it Simple, Stupid and Sexy. The last S from this new version of this old acronym comes from Laurence Vanhée, Chief Happiness Officer. Can we make people happy with security? Why not?

Tech companies have invented the WAF, Woman Acceptance Factor. This factor was defined to predict whether women were ready to accept the purchase of a new home appliance (Smart TV, and so on). The main factors were usability and attractiveness. At that time came the “girly” versions of a lot of appliances and the simplified versions of the remote controls. Not that women aren’t capable of using complex systems, they just don’t want to bother with useless complexity. And I don’t think it’s a “woman” thing. We all do, eventually. But in security, we tend to forget that we need to convince our users to be more secure.

Darin Senneff, a creative user interface designer from New York, has created and shared on Codepen a very nice user login interface that should inspire other website designers.

As you can see, the nice gorilla avatar changes its behaviour as you type your email and your password. One could add some new behaviour when the password is not strong enough and some other (positive reinforcement) when the password reaches a certain level of complexity. Such an interface will likely be a more efficient reinforcer of security-aware behaviour than a plain message, as it provides a sense of peer pressure and fun, leveraging security without the fear and stress factors.

Darin shared the code on Codepen. Get inspired, use it, improve it.
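One way to sketch the reinforcement idea described above, as an added example that is not part of the original post or of Darin Senneff's pen. The function names, mood labels, thresholds and the short common-password list are all assumptions made for illustration.

```javascript
// Added example: hypothetical names and thresholds, not code from the original pen.
// Constructed sample list; a real deployment would use a much larger deny-list.
const COMMON = new Set(["password", "123456", "qwerty", "azerty", "letmein"]);

// Rough strength estimate in bits: length * log2(size of the character pool in use).
function estimateBits(password) {
  let pool = 0;
  if (/[a-z]/.test(password)) pool += 26;
  if (/[A-Z]/.test(password)) pool += 26;
  if (/[0-9]/.test(password)) pool += 10;
  if (/[^a-zA-Z0-9]/.test(password)) pool += 33; // printable ASCII symbols and space
  return pool === 0 ? 0 : password.length * Math.log2(pool);
}

// Map what the user is typing to an avatar state and a short, friendly hint.
// The password is only inspected locally; nothing is stored, logged or sent.
function avatarReaction(password, email = "") {
  if (password.length === 0) return { mood: "neutral", hint: "" };

  const lower = password.toLowerCase();
  const localPart = email.split("@")[0].toLowerCase();

  // Known-bad choices override any length or complexity score.
  if (COMMON.has(lower)) {
    return { mood: "worried", hint: "That one is on every guessing list." };
  }
  if (localPart.length >= 3 && lower.includes(localPart)) {
    return { mood: "worried", hint: "Try something that is not based on your e-mail name." };
  }

  const bits = estimateBits(password);
  if (bits < 40) return { mood: "worried", hint: "Keep going, a few more characters will help." };
  if (bits < 70) return { mood: "curious", hint: "Getting there. A longer passphrase is even better." };
  return { mood: "cheering", hint: "Nice one!" }; // positive reinforcement
}
```

A widget like this belongs on the sign-up or password-change form and should run entirely in the browser, so the password being typed is never sent anywhere for scoring.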

The impact of cyber crime on Belgian Businesses

In 2017, the Belgian Cost of Cybercrime Project (KUL) published the results of an enlightening study aiming to measure the impact of cybercrime, and more broadly, cyber attacks, on Belgian businesses.

We can highlight two results from this paper: First, most businesses have been hit by one form or another of cyberattack, some even more than once a year. So, the likelihood of being hit is quite high.

Second, the average cost per incident is relatively low, with most falling below 500 euros, though some exceed 10.000 euros. It certainly depends on the type of business you run and the size of your organization. That is, SMEs should not have to spend a fortune on security measures.

You can find the report here: https://www.apalala.be/wp-content/uploads/2023/01/BCC_ImpactCybercrimeBelgianBusinesses.pdf

You receive spam by SMS (or via email) in Belgium, you can report it online to the authorities!

A while ago I posted an article stating that there was no way to report SMS spam online in Belgium. Guess what, I was wrong!

First, I was wondering if it was really illegal to send unsolicited commercial messages by SMS in Belgium. I found this really nice flyer from the federal public service of economy (http://economie.fgov.be/fr/binaries/spamming_brochure_fr_tcm326-31741.pdf) explaining that the global definition of spam applies also to SMS or chat systems.

In the flyer, there was a link to a page to report this kind of behaviour to the authorities. The document being a bit old (2005), the link was outdated but our friend Google found me the new one: https://pointdecontact.belgique.be/meldpunt/en/welcome

On this official website, you can report SMS Spam (or other similar illegal activities) using the “New complain” button and the “SPAM from unidentified party” type of report.

I’m not sure it will be very efficient at rapidly stopping the Spam SMS from coming (most smartphones allow you to block senders for a while) but it will be the start of it. And if more and more people start to report such behaviour, it will likely have an impact.

Note that you can also report spam or harassment coming from outside the country.

The scope is quite clear from the 1st page:

“Are you the victim of misleading practices, fraud or swindle? Or have your rights as a consumer or enterprise not been respected?
Then choose the scenario that matches your problem and follow the various steps to report your problem to the competent services.
You will always receive a reply in which we will try to provide an answer to your questions.
The competent services will analyse your report and may carry out an investigation. They do not take any action in your individual dispute, nor do they provide any information concerning the investigation. For your individual problem, we exclusively refer to the reply that will be sent to you”

Now you know what to do.