The answer is (sic) to not trust humans in the first place.

Those trainings serve only one goal: creating more revenue for the people who hold those trainings.

Worse yet: they (generally speaking) only cover very broad topics. If people already have issues trying to understand these topics, then how on earth are they going to relate the topics mentioned in the training to the things they normally do at work?

Most of all I believe that these kinds of instructions should be a job for the IT department. Because in a normal situation the IT department should be well aware about the way things work and go.
 
I do like the military response to clicking. Plain text emails.

Not sure about those facebook things or even Google backend for email security recommendations.

All this cloud reliance is unwise.
 
Security needs both belts and braces, not just one or the other. And you must keep up every day, you can't just spend some money ever few months and figure your are covered for that period.

But training / raising awareness helps, if done the right way. Just giving people courses (or videos to watch) without checking what they have learned afterwards isn't the right way.
 
You should file a PR about that.
It sounds like a serious security defect.
Just Kidding. I know you have to deal with the PHB.
 
You should file a PR about that.
It sounds like a serious security defect.
Just Kidding.
Actually, no kidding, you're right, they should provide such an option.
For example, Thunderbird already has Display->Plain Text Messages->Display emoticons as graphics.
So, that will be another option in the same section of preferences.
 
But training / raising awareness helps, if done the right way. Just giving people courses (or videos to watch) without checking what they have learned afterwards isn't the right way.
The place I work at has been sued for Racial Discrimination and Sexual Harassment several times over the last few years and every time after they settle we get e-mail and texting training. Plus they make us sign threatening forms about computer usage.

You really can't train someone to not be a racist or harasser. So the question remains why don't they just get rid of the people instead of training.
Same with habitual phish clickers. You can only train a person so much... Humans have our defects.
 
Back
Top