Subscribe to the RSS Feed.
User Education: Sometimes, humans themselves are the weakest element of the security chain
Some time ago, I wrote an article called Authentication: Is he who he says he is?, based on the technical fact the faking the sender's email address is rather simple.
How can we educate the user to learn the right degree of (dis)trust when treating with emails (or telephone calls)? We need to be a culture of trust, yet be resistant to social engineering. Do you have policies concerning this matter?
base policies
We do have policies on our Base regarding internet/computer use, e.g. no personal surfing (YouTube, Facebook, emailing, what ever) on ministry equipment. There is a briefing for (new) staff and students, besides other things, on how to use computers and phones, some dos and don'ts.
However, AFAIK there is no such thing as educating users regarding email scams, virii, trojans, social engineering, etc. I know that on one of our schools the husband who went on outreach with his wife who was staffing tat school, took it on himself to inform the staff and students what they can do to be a bit more secure.
It would be nice, though, if we would have something that could be handed out to people. Some tips and tricks, things to avoid. Possible a condensed version and a long version with more explanation for those interested and/or team leaders.
Also, might be good to get input on this from IT folks around the world and then distribute this to all of YWAM as a little help / ready made hand-out, if Bases want it.
--~~~~~
Cheers,
Steve
Somebody's terminal is dropping bits. I found a pile of them over in the corner.
Post new comment