Periodically, we publish articles written by Enable engineers that reflect the intersection of their technology knowledge and unique personalities and interests. This month, Linda Lankford, an engineer in our Nashville office, writes about how one of her favorite Disney movies sheds light on contemporary cybersecurity concerns. Enjoy!

Although very much a fixture in daily news reports, cybersecurity concerns are not new. Cybersecurity was at the forefront of technology conversations before the Internet was freely available in coffee shops and airports. Believe it or not, hacking started with phone systems, long before computers were household items. Sneakernet, the passing around of disks (with the occasionally accompanying virus) to friends at different computer terminals, was an actual practice until people began networking computers.

The movie War Games (1983) gave a clear picture of what dire consequences can happen when people fail to follow cybersecurity protocols correctly. In the movie, a teenager intentionally hacks numerous networks but doesn’t realize that he accidentally hacked the US Government’s computer that controls the missiles pointed at Russia. While War Games isn’t the only hacking movie that has become popular over the last few decades, other not-so-tech-intensive” movies can also shed light on cybersecurity approaches and consequences. Certain Disney movies are one (surprising?) source of these lessons.

Disney villains have been some of the worst in cinematic history; they are the creatures we love to hate. Most of these villains were created out of folktales and native stories from different areas of the world, so they have a somewhat realistic, albeit embellished, take on evil in the world. While these fairytale stories are meant to entertain, they can also provide legitimate educational value. In the current information age in which we live, there are some lessons we can learn from these Disney villains, including lessons on cybersecurity.

Below, I highlight several cybersecurity lessons I learned from the villain Ursula in The Little Mermaid.

1. You always have other options.

In various phishing and social engineering schemes engineered by cyber criminals, the “villain” tries to convince you that you have been compromised in such a way that only one course of action will get you out of trouble. Not only do other options exist, but the one option they do provide is not a viable option at all! To the contrary, it is typically a course of action designed to lead directly to your harm.

“…Poor souls with no one else to turn to…”

Ursula makes Ariel believe that Ursula is the only option for Ariel’s ultimate happiness with Prince Eric. Ursula doesn’t allow Ariel to consider that King Triton (Ursula’s brother in Greek mythology) is capable of the same type of power. We learn this at the movie’s end when Triton gives his daughter legs to marry Prince Eric.

Cybersecurity criminals will try to make people believe there are no other options. The pop-up on the website may say that it can’t be closed, and that the computer has been taken over. The message is ominous and scary, but it is not true. You can always click on End Task in Task Manager or Force Quit in Activity Monitor and move on from the villain’s attempt to trick you. Just because the cybercriminal presents the option as the only one available doesn’t mean there aren’t other readily available options.

2. Always verify through another source.

“…I admit that in the past, I’ve been a nasty… But you’ll find that nowadays I’ve mended all my ways…”

Ursula admits that the rumors about her are true, or does she? She deviously spins what other people say, claiming that she’s changed for the better. She gives an example of this change but doesn’t allow Ariel to see that she manipulated that example to fit her narrative.

In recent years, spear phishing attacks have become more commonplace. These attacks impersonate a friend, boss, or colleague, trying to convince the victim to do something for this trusted person. In reality, the hacker is trying to steal data and money or install malware on the victim’s computer. If an email feels strange or sounds out of character for the person from whom it is supposedly coming, calling or talking to that person in the flesh is the best option to verify that they indeed sent this request.

3.  If something sounds too good to be true (like getting legs for your voice), it probably is.

“…It won’t cost much, just your voice…”

Ursula downplays the importance of having a voice to sell Ariel that legs are much better. She’s quick to tell Ariel that the human men, being so different from mermen, don’t want their women to talk. While that may be a stereotype of some men, it certainly isn’t true across the board.

Is that Nigerian Prince scam still circling email inboxes claiming to deposit large sums of money into bank accounts because the prince needs help escaping his country? No, of course not. This scam, and many others like it, prey on people who want to help and make a fortune in the process. Sadly, many people have become victims of this type of scam simply because they didn’t listen to the adage, “If it sounds too good to be true, it probably is.”

4. Short time limits that don’t allow time to consider all options are usually not in one’s best interest.

“… I’m a very busy woman and I haven’t got all day…”

When Ariel waffles about signing the contract, Ursula takes a final stab at getting her to agree by making it clear that this offer isn’t going to stay on the table for long. Ursula ratchets up the fear and pressure of the moment.

Her line is reminiscent of those sometimes used by high-pressure salespeople or used car dealers. While some deals have authentic deadlines, legitimate deals usually provide time to consider all options before taking the plunge. Cybercriminals use these same high-pressure tactics and add fear to strengthen their approach.

BONUS LESSON: Never sign your name to anything without reading it carefully.

Succumbing to Ursula’s tactics, Ariel signs Ursula’s scroll without reading it in its entirety and doesn’t get a copy to review.  Wisdom dictates that a person only sign or agree to a contract after reading the entire document, considering all the provisions, and consulting with others as needed. Large businesses have entire contract departments to ensure the company doesn’t sign a bad contract. Never be pressured into thinking you are not entitled to the same option to review the contract on your own time. This same advice applies to any “deals” or “online appeals” made by those who desire access to your information or want your agreement to or with a proposed action.

Ursula’s behavior and tactics in The Little Mermaid provides several powerful warnings and lessons applicable to today’s cybersecurity environment. While Ariel says, “I don’t see how a world that makes such wonderful things could be bad,” we really should follow Sir Grimsby’s advice, “I believe a little fear may be advisable.”

To summarize:

• Remember to look for other options, even when they aren’t presented.

• Always verify with whom you’re communicating.

• If it sounds too good to be true, it probably is.

• Short, forced timelines are rarely in your best interest.

• Don’t sign a contract or make any agreement until you’re sure it’s not a rip-off.

Following these lessons in cybersecurity is good for people and merfolk alike.

Written by: Linda Lankford, Systems Engineer