On TechRepublic: Five super-secret features in Windows 7
BNET Business Network:
BNET
TechRepublic
ZDNet

October 12th, 2006

So what about user education on security?

Posted by Suzi Turner @ 9:05 pm

Categories: General

Tags:

CNET's Joris Evers writes about one security expert who says education users on computer security in the enterprise setting is "pointless".  Doctoral candidate Stefan Gorling, speaking at the Virus Bulletin Conference, said:

"I don't believe user education will solve problems with security because security will always be a secondary goal for users," Gorling said. "In order for security to work, it must be embedded in the process. It must be designed so that it does not conflict with the users' primary goal.


It can't work if it interferes."

Some of attendees agreed while others vehemently disagreed.

The trick is to know what you're talking about and to bring the information in a format people understand, said Peter Cooper, a support and education specialist at Sophos, a security company based in England.

"It is a long process, but if we admit defeat now we're just going to go to hell in a handbasket," Cooper said. "Education in every area works."

I agree with Cooper.  I understand trying to educate some users is like talking to the wall, but that does not mean we shouldn't try. I do know, from working with home users on my SpywareWarrior forum, where volunteers help users get free of malware, that some will probably never change their online behaviors, even when confronted with proof that their online carelessness is what got them infected. We had one user whose ID had been stolen by a keylogger and password-stealing trojan, and his bank account had been wiped out.  When told that he needed to update his Windows to Service Pack 2 and avoid file sharing, he insisted that he wouldn't change. Eventually we scared him into updating to SP 2, installing a bi-directional firewall, and scanning any downloaded files for malware before opening them. Getting him to update to SP 2 took about 2 months and literally scores of posts, but finally he did it.

There are some interesting points of view in the talkbacks to Evers' article, but the first commenter got it right.

EVERYONE, and I do mean EVERYONE, should be worrying about security. While at large corporations security is the primary concern of IT all users should be educated about it and be concerned about it.

At my forum, when we have repeat users, coming back for help a second or third time, I feel that we failed to properly educate them. It becomes frustrating at times, but we must keep working at educating users. To not do so is pure foolishness and inexcusable in my opinion.

 

  • Talkback
  • Most Recent of 12 Talkback(s)
RE: So what about user education on security?
http://insurancefraudnews.blogspot.com... (Read the rest)
Posted by: dd_forums Posted on: 03/23/08 You are currently: a Guest | | Terms of Use
Question ...  Arnout Groen | 10/13/06
You're probably right  Suzi_z | 10/13/06
Not just attitudes.  Anton Philidor | 10/13/06
Who's responsible for secure systems?  kentfx_z | 10/13/06
Hmmm...  thejynxed@... | 10/13/06
Hmmm...  Mr. Roboto | 10/14/06
patches and other things  tallsoft@... | 10/15/06
Product opportunity?  Ikester_z | 11/04/06
Maybe (l)user (re)education should start at home.  Mr. Roboto | 10/13/06
Education works  sysop-dr | 08/22/07
One man's $0.02  santuccie | 10/29/07
RE: So what about user education on security?  dd_forums | 03/23/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

  • Smart Tech Expert advice on innovations in healthcare and the green technologies that make it happen. Find out more
  • Smart Business Discussion and advice on management issues that revolve around making your world smarter and more useful. More Smart Advice
  • Smart People The best and worst moves in the management and strategy trenches. Learn More