So what about user education on security?

CNET’s Joris Evers writes about one security expert who says education users on computer security in the enterprise setting is “pointless”.

It is an unfortunate fact that many users do not really care about security at work - as far as most folks are concerned security of pc and network is up to the company to sort out. The same users may even have great security at home but do not see why they should make any efforts at work. Sad really.

Personally I take the view that if my employer suffers because of some breach in security (data loss, financial loss to competitors etc) then I may also suffer in the longer term. I am even trying to convince my employer to tighten up and stop using the useless XP firewall. Once I get him to try the leak tests he should be convinced.

The good news is that with the upcoming new contenders in security software from Comodo many smaller companies with limited funding will be able to get good security that does not require much user input.


I don’t think the problem is purely a corporate one. IMO, users in general (whether at home or work) simply do not see/do not wish to see risk involved, and the need for security. If they have to respond to even minimal popups, they go ballistic. And to be honest, the general user would not know how to respond to the popup anyway.

Users, whether at home or work, do not want to be bothered by security software. They just want to work on the computer, browse, chat, email, and so on. Heck, look at all the OLE posts here - who cares that applications communicate behind the scenes?! We don’t want to see such alerts. It’s a BUG!!! ;D

Thus, I agree with the comment about security software

It must be designed so that it does not conflict with the users’ primary goal. It can’t work if it interferes.
IMO, that’s the only way you’ll get the general user to comply with usage thereof.

It’s a joy to see the lights come on in someone you’re trying to educate on security issues, but in my experience here and elsewhere, the majority of the time that just doesn’t happen. And yes, it can be frustrating, disappointing, and makes you wonder what you could’ve said/done different to get them to see the importance. Ultimately, though, that’s not our problem - we deliver the message in the best way we can. How the person takes it, what they do with it, is on them. We cannot force change; we can only try to plant the seeds, water them, and hope that they’ll grow…