Slashdot Mirror

← Back to Stories (view on slashdot.org)

Impressing Security Upon End-Users Visually?

Posted by Soulskill on from the shake-your-fist-and-glare dept.

get quad writes "I continually have to remind our end-users to be vigilant about the usual web security hazards, such as not clicking links in the occasional spam email that passes through our filters, avoiding suspicious websites, why some websites aren't entirely safe or appropriate for the work environment (Facebook apps, MySpace, remote access apps, proxies, etc), and the myriad other things an end-user can do to get into trouble. What I'm hoping to find are video or flash examples (mind you, in layman's terms) of what Web-based exploits/zero-day threats are capable of, how they can happen, and the harm they can ultimately cause — rather than posting links to technical docs the users will never bother to read. Getting the point across in a purely visual and less technical manner seems much more effective. Does anyone have any suggestions or experience with this type of training?"

5 of 157 comments (clear)

  1. Change their perspective to be self gratifying by onyxruby · · Score: 4, Interesting

    I was spending some time with some friends of mine a few months back when the inevitable malware conversation came up. These friends happened to all be quite computer illiterate. What I did instead of giving the usual spiel about malware was show them a better experience.

    I sat them down and showed them how to use firefox with noscript. I showed them their favorite sites without all the baggage and they were amazed at the improved experience. I made sure I showed them how to use noscript with sites like facebook and still get what they wanted.

    All of this was done in less than 15 minutes, and they now use this combination on a daily basis, not because of the improved security, but because of the improved experience. The fact that their security is improved is entirely incidental.

    Note to firefox dev's, improve your enterprise management tools so that I can justify rolling out firefox to the enterprise after proving to management that it can be managed at the enterprise level. Enterprises need ways to consistently enforce policies with firefox using AD! Until this can be done firefox will never take over Internet Explorer in the Enterprise.

  2. www.IdentityTheft.info video by Cyko_01 · · Score: 4, Informative

    here is a great video that shows how to detect a phishing scam using examples http://www.youtube.com/watch?v=bzfPUmQcfDs

  3. Re:Security holes by snowraver1 · · Score: 4, Funny

    Just show them this:

    http://www.youtube.com/watch?v=1SNxaJlicEU

    --
    Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
  4. Re:Yell at them and make them feel like shit. by DoraLives · · Score: 4, Interesting

    This actually worked at the small enterprise where I take care of things. A user managed to get their machine mucked up with a bunch of spyware and adware by clicking in a forwarded email. I cleaned the machine and then management called a meeting a day or two later. Had every one of the employees in attendance. I gave the standard presentation about email safety, as well as general internet safety. I sat down. The director stood up and informed everyone in the room that the next time a machine needed to be cleaned as a result of operator error, the bill for my services (not cheap) would be deducted from the relevant employee's next paycheck. A sheet of paper was then passed around, with the same directive written on it, and all employees were instructed to either sign or lose their job. They all signed.

    That was two years ago. Have not had a SINGLE instance of any malware on any machine, since that time. People now ask me every time they have any doubts about what they're doing, and I've headed off a few potential catastrophes since that started happening.

    I'm guessing it's not a coincidence.

    --
    Is it fascism yet?
  5. Re:Yell at them and make them feel like shit. by MachDelta · · Score: 4, Interesting

    Huh. Where I happen to live in soviet Canuckistan, both having your wages deducted for accidental damages caused on the job AND being forced to sign something under the threat of losing your job are both illegal.

    Something vaguely similar happened at where I work. Weekend attendance had been optional for a very very long time, but management felt that too many people were just taking every weekend off because, well, people like their weekends. Anyways, to try and boost attendance they tried to make everyone sign an agreement basically saying that everyone had to work every single weekend unless excused, and excuses had to be given up to three weeks in advance... and this was all under a threat of "or else". A few of the sheeple signed right away for fear of losing their jobs. When it got round to me, I just laughed and threw the paper in the garbage. My boss tried to give me shit (this was infront of a dozen co-workers, so he had to make a stand) but I interrupted him to inform him that he could not unilaterally renegotiate my job description or fire me if I didn't agree to it, and if he ever tried to push me (or any of us) around like that again, that the provincial labour board would come down on the place like a ten thousand pound bag of shit for it and all the other little skeletons-in-the-closet that I knew about. The next day their little piece of paper disappeared without a trace.

    YMMV.