
Behind every stupid user is a stupider security professional

Ira Winkler | March 15, 2016
Security professionals should look in the mirror before declaring a user “stupid.”

Like most IT people, I love reading “stupid user” stories. As long as you don’t have to deal with them, they are generally relatable and entertaining. When I saw an article where a Reddit string asked for IT people to submit the most idiotic things “non-IT people” asked them, I had to click. I soon became very disappointed, but with the IT people.

While the supposed “idiotic” things are not necessarily security-awareness related, they very well could be, and that is even more concerning. When a user says, “The computer forgot my password,” which is one of the “idiotic” quotes, the IT person probably thinks that the user should know their own password, which they should. However, I consider that it means that the user uses the save password function, and that in theory anyone can walk over to their computer and log into critical systems as them. While perhaps the system only saves passwords for a finite amount of time, a knowledgeable IT person should be asking what the user means by the system forgetting the password, and advise the person that they should never save the password.

Basically, when I read the complaints from the IT people, they appear to not understand that they are using jargon and terms that are not common to the average end user. You cannot assume that an average person knows the difference between their operating system and their web browser, and frankly the average user probably doesn’t care. I am not sure how many of these “brilliant” IT people remember when Microsoft was criticized for attempting to make Internet Explorer the interface to the Windows operating system. Safari is delivered with MacOS, and is essentially a part of it.

One of the highlighted criticisms of users was of an end user who did not install the dongle in a PC after buying a wireless mouse. In the first place, it is a leap to assume any end user knows what the term “dongle” actually means. And unless a user reads the instructions, given the ironic ease of use of most systems, as well as the prevalence of Bluetooth devices, it is natural for many users to assume that you turn it on and it just works.

There are also many complaints of users assuming that the monitor is the computer. Some users turn on the monitor, and don’t realize that they have to turn on the computer. While there could very well be a naiveté to it, there are All-in-One PCs, and there have been different hardware configurations over the years where there was a single “on” switch for the monitor and computer, usually on the keyboard. The fact that the IT person doesn’t realize the potential for the discrepancy says as much about the IT person as it does about the end user.

 
