Over here
I want to sign up my end users too!
The US Census Bureau has asked for additional IT security training for its staff – including tips on how not to fall for phishing emails – in the wake of last week's server breach. The bureau said in a blog post over the weekend that the hackers who managed to pull employee records from its computers did so by targeting the …
And there will be organisations that tell their users "don't click on suspicious attachments" and then email important pay/pensions forms as a Word doc named PDQQ-6756-BHG.docx
If you let infected files/links into your system and rely on regular users to spot them and not click - it isn't the users' fault. It's like telling them that some of their computers might have faulty PSUs with dangerous voltages on the keyboard and that they should "be careful".
"And there will be organisations that tell their users "don't click on suspicious attachments" and then email important pay/pensions forms as a Word doc named PDQQ-6756-BHG.docx"
My bank sends me monthly emails saying my statement is now available online, with a "convenient" link to the login page to check it. Fucking idiots.
Pressure for not letting anything escape, right, a form of social engineering, bad guys rely on the good spirit of people to try to scrutinize their work because they care, unless the email says "I love you". That is the other type of people and their mentality towards work, also an efficient way of hacking via social engineering. Just how much effort does it take for developers to create their programmes with security as priority? Are new developers being taught this? That's part of the mediocre mentality of rushing a product to the market just because people are now "used" to applying patches and all kinds of malfunctions are expected as long as they deliver a fix in a timely fashion.
I'd like to see the trainer actively try to fish the users he's training, along the lines of "my laptop is broken, can I run the presentation from yours? I'll just need your user ID and password." Would be interesting to see how many people would have the wisdom to know that's not a good idea and the balls to say no in front of a group.