This Week on The Awareness Angle:
- The Louvre’s password was “Louvre.”
- Australia is banning under-16s from Reddit.
- The FCC wants to remove cybersecurity rules for telecoms.
This week’s episode looks at how comfort, control and politics all shape cyber risk. From famous museums ignoring their own audits to governments trying to legislate digital behaviour, Ant and Luke dig into the human decisions behind the headlines.
Also this week, Apple patches over 100 vulnerabilities, VPNs get called out for creating more problems than they solve, and a TikTok clip proves why nobody should ever paste commands they do not understand.
Listen on your favourite podcast platform - Spotify, Apple Podcasts and YouTube
Podcast · Risky Creative
This week's stories...
The Louvre’s Password Was “Louvre”
A 2014 audit of the Louvre found that part of its CCTV system was protected by a password that was literally “Louvre.” In 2025, a jewel heist lasting just eight minutes has brought that old finding back into focus.
In this week’s episode, Luke said,
“You’d think someone, at some point, would have said, hang on, maybe the password shouldn’t be the name of the building.”
It sounds amusing, but it is familiar to anyone who works in security. Every organisation has something similar, an old system no one checks, a forgotten account that still works, or a risk that everyone knows about but never gets round to fixing. The Louvre’s problem was not the technology, it was comfort.
When people start to believe that “we would never make that mistake,” risk becomes invisible. Awareness is not about remembering rules, it is about keeping curiosity alive.
∠The Awareness Angle
- Familiarity breeds blindness – Comfort makes people underestimate risk.
- Audits do not change behaviour – Acting on insight is cultural, not procedural.
- Legacy equals latent risk – If it is old, ignored, or inconvenient, it is probably critical.
Reddit Added to Australia’s Social Media Ban for Under-16s
Australia will soon roll out a world-first law banning under-16s from major social media platforms, and Reddit has just been added to the list. From 10 December, platforms such as TikTok, Instagram, YouTube, Facebook, X, Snapchat and Threads could face fines of up to 50 million Australian dollars if they fail to block young users.
In this week’s episode, Ant and Luke discussed how the move, designed to protect children from addictive design features and harmful content, could actually push them towards less regulated parts of the internet. Ant shared his own experiences as a parent and said that protection without education will only ever be a short-term fix.
The debate is divided. Supporters say the ban will give children space to develop without the influence of algorithms and constant social pressure. Critics argue that connection, creativity and community will suffer, and that teaching digital responsibility is a better long-term goal.
∠The Awareness Angle
- Safety vs Surveillance – Are we protecting kids or over-tracking them?
- Enforcement Gap – Age checks mean more data and more risk.
- Digital Upbringing – Bans teach avoidance, not resilience.
FCC Plans to Scrap Telecom Cyber Rules
The United States Federal Communications Commission has announced plans to remove mandatory cybersecurity requirements for telecom providers. The rules were introduced earlier this year after state-backed hackers accessed call records and wiretap data belonging to over a million Americans.
In this week’s episode, Ant and Luke discussed how the decision reflects a wider problem in security governance, where political shifts often undo hard-won progress. Luke called the timing “unbelievable,” noting that news of another telecom breach broke only hours after the rollback was announced.
Ant compared it to health and safety legislation, saying that change only happens when leadership is held accountable for harm. He argued that voluntary standards rarely work because compliance without consequence has no urgency.
For professionals building awareness or culture change programmes, this story is a reminder that leadership accountability is the real driver of secure behaviour, whether in government or the workplace.
∠The Awareness Angle
- Accountability drives action – Rules only work when leaders are held responsible.
- Culture mirrors leadership – If security is optional at the top, it will feel optional everywhere.
- Timing matters – Rolling back safeguards after a breach shows how short memories can be.
Do you have something you would like us to talk about? Are you struggling to solve a problem, or have you had an awesome success? Reply to this email telling us your story, and we might cover it in the next episode!
Awareness Awareness
Human Firewall Conference
Ant returned from Cologne after speaking at the Human Firewall Conference, an event dedicated to human risk, behaviour and culture change in cybersecurity. The conference, hosted by SoSafe, brought together awareness professionals from across Europe for two days of talks, workshops and connection.
Ant described it as one of the most engaging events he has attended. The setup, branding and energy felt more like a creative festival than a corporate conference, with sessions exploring psychology, learning design and the future of human risk management.
He joined CISO Andrew Rose and SoSafe’s Melina on stage for a discussion about awareness storytelling and transparency, sharing lessons from years of building people-centred security programmes.
His biggest takeaway was how consistent the challenges are across countries and industries. Every speaker returned to the same truth: technology only goes so far, and the real progress happens when people feel ownership of security.
∠The Awareness Angle
- Shared challenges, shared progress – Everyone faces the same human risks, but solutions spread faster through the community.
- Design matters – The way security is delivered often matters more than the message itself.
- Culture needs connection – Awareness grows when people feel part of something, not singled out by it.
Get all the details at http://www.humanfirewallconference.com/
Did you catch Ant on the Go Phish Podcast?
Now, this was a fun chat! Dan asked Ant to join him on the Go Phish podcast to talk about keeping things simple, fun and honest in security awareness.
Ant first came across Dan on LinkedIn earlier this year. Dan's raw, no-nonsense approach to awareness really resonated with him, so it was great to finally sit down and talk it all through.
Ant and Dan talked about storytelling, gamification, culture, creativity and the future of behaviour-driven security.
This week, you’ll get to see what happens when they swap places and Ant asks the questions.
Watch the chat - https://youtu.be/pUJOFmPT4mE
This Week's Discussion Points...
Hyundai AutoEver America data breach exposes SSNs and driver’s licences – Bleeping Computer
Nikkei breach hits 17,000 staff after Slack account compromise – HRD Asia
South Gloucestershire Council accidentally leaks resident data – BBC News
The Louvre’s password was literally ‘Louvre’ – PCWorld
Reddit added to Australia’s social media ban for under-16s – BBC News
FCC to scrap telecom cybersecurity rules – Cybersecurity Dive
Apple patches more than 100 vulnerabilities across devices – CyberScoop
Firewalls and VPNs increasing ransomware risk, report warns – The Register
Researchers find Teams flaws allowing message and call manipulation – Cybersecurity Dive
M&S profits nearly wiped out after major cyber attack – BBC News
Cybersecurity pros accused of running ransomware side business – CNN
ClickFix malware demo shows why users should never paste commands – TikTok
Extras
Nicole Leffer: Check your ChatGPT data settings – LinkedIn
Meta profits from scam adverts across Facebook and Instagram – Reuters
AI-generated fraud on DoorDash shows abuse of image tools – Instagram
ClickFix malware demo shows why users should never paste commands – TikTok
Recruitment and candidate experience in cyber – LinkedIn post by Hazel McPherson
Thanks for reading! If you’ve spotted something interesting in the world of cyber this week — a breach, a tool, or just something a bit weird — let us know at hello@riskycreative.com. We’re always learning, and your input helps shape future episodes.
And finally… Teachers Outsmart ChatGPT with the “White Text” Trick
A TikTok creator called Sherwoods Tech recently showed what happens when someone follows those “just paste this command” instructions you sometimes see online. In the clip, the command quietly runs a file in Windows’ Run box, installing malware with no warning and no pop-up.
Ant and Luke discussed it in this week’s episode, calling it one of the most effective real-world awareness examples they have seen. The demo is raw, unfiltered and exactly the kind of thing people remember.
For awareness professionals, it is a reminder that simple rules still matter. You do not need fancy campaigns or AI tools to change behaviour. Sometimes all it takes is showing people how an attack really works.
∠The Awareness Angle
- Simplicity beats sophistication – The clearest messages often land the hardest.
- Show, do not tell – Seeing an attack makes the risk feel real.
- Everyday language wins – Speak like a human, not a policy.