Security's Everyman

Security's Everyman

Wednesday, April 18, 2007

More User Education Fodder

This article on ComputerWorld.com is just more proof that we need to continue to push forward with User Education. People need to be aware that ANYTHING that they post on the internet is subject to being found by other people. I know that they trusted Google to not share what they didn't want shared, but software has bugs that often aren't found until it is too late. People make configuration mistakes that accidentally expose info that wasn't intended to be exposed.

I realize that there are many people who will ignore all UE attempts and will do what they want. Even so I still believe that LOTS of people do things like this out of a lack of understanding of the possible dangers. In one example in the article the conference call number and PIN were posted by an employee of the companies IT department. Again, another example of how UE is needed by ALL employees. There are just too many from the CEO down to the person who spends all day pulling staples out of documents that just don't understand and need to be educated.


1 comment:

H. Carvey said...

Andy,

While I'm predominantly focused on IR and CF work, one of the things I see lacking is user education...and this is most often the case when senior management doesn't take infosec seriously.

Harlan
author:Windows Forensic Analysis
Windows IR Blog

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.