Security's Everyman

Security's Everyman

Tuesday, February 20, 2007

Let's quit bashing users

All the rage lately seems to be user bashing. Here, here. There are others but I can't remember where they are off the top of my head. There have been several articles written by various people all of them talking about how User Awareness Training is a failure and that we can't trust end users to do the right thing. We need to quit wasting our time, money and efforts on them. Some even call them stupid and rant about how much of a problem they are.

We need to step back and remember a few things.

  1. We all have subjects that we are clueless about.
  2. End users are why we have a job in the first place.
  3. IT and Security have bad reputations among users already we don't need to do things to further foster it.
  4. We are all supposed to be professionals and calling people we work with stupid is not professional.
If we have problems with users then we need to either ignore it and do our job or do something to help them out. End users are not going away and they are not going to quit making mistakes.We all make mistakes even in areas that we are supposed to be experts in. It's up to us as to whether or not they learn to make changes or not. It's up to us to help them understand what they are doing wrong and how they can do it differently. It's up to us to protect them not only from outside attacks, but also sometimes from themselves. That may mean that we take time to teach one on one, we teach a User Awareness class at work, we keep our patience when they come to us with problems, we treat them with respect instead of like big dumb losers.

Technology Professionals are often seen as controlling, unfriendly, obnoxious, uncaring, and "know it alls". Even Staples has a commercial that depicts this. If we continue to perpetuate this by assuming that they will mess up and will be stupid then we are not helping. I will admit that they can be frustrating. So can ALL of us. We all have subjects that we don't fully understand and have a hard time getting a handle on. We need to remember that the next time we are tempted to give up on our users.

1 comment:

Jon Robinson said...

I agree with you Andy. It's always better to be considerate. I think the frustration stems from the fact that end users don't perceive the risks, so they don't bother taking precautions against them. If a person feels that the costs of security aren't worth the benefits, i.e. the risk is smaller than the cost to prevent it, then they won't bother. Security techs place a higher value on security than others and so they dedicate their lives to it and can't understand why others don't feel the same way. Patience and tolerance are definitely in order, as in all other aspects of life.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.