futurebird,
@futurebird@sauropods.win avatar

The company that's contracted to do security education has these little multiple choice tests, and it annoys me that they are confusing on purpose ... or they require you to listen to the wording of their videos carefully. eg:

Which URL is suspicious?

a. http : //www.gmail.com
b. https : //www.google.com/email

Um. The domain is valid for both. https is nice, but the later is a google 404... the former will re-load as https:

They wanted you to say the second one? Bad question.

mkb,
@mkb@mastodon.social avatar

@futurebird Ooof. Who is the vendor?

(Part of my job is getting people training which sucks less.)

futurebird,
@futurebird@sauropods.win avatar

@mkb

Since this has been a bit of a pattern I don't want to call them out.

To be fair they did move away from the videos you couldn't even speed up with the horrible acting.

I just wish they'd test what people know in earnest. Then put real resources to help people who who have gaps.

And stop with the videos and just let me read an article if you must. I'll remember much more from an article.

mkb,
@mkb@mastodon.social avatar

@futurebird Now I’m curious whether retention of security awareness material among an office population is better with text or video. Just this morning a mentee was asking me about research topics for tieir masters program so your timing is excellent!

In general, the field for awareness training is pretty bleak. There’s a lot more bad than good.

futurebird, (edited )
@futurebird@sauropods.win avatar

@mkb

If it's anything like the rest of education it will vary by the person. Some people are excited to learn about security, may even read about it on their own. They are also the people who everyone asks computer questions... so can help spread information.

There are people who just don't care: they may need games or varied presentation to stay engaged. Humor is good too.

There are people who know they are bad at computers terrified to ask questions. They need to talk to people in person.

mike,
@mike@sauropods.win avatar

@futurebird @mkb If this is a pattern, that is exactly why you SHOULD call them out. Why let others walk into the same trap you did?

futurebird,
@futurebird@sauropods.win avatar

I wanted to mark them both suspicious since I'm suspicious of google. But that's not an option.

RogerBW,
@RogerBW@emacs.ch avatar

@futurebird
Work, an academic institution: "Never click on links with your link-clicking machine."
Random email: "Sign up at [obvious foreign commercial URL] for your [otherwise unannounced work-related benefits, training, etc.]"
Me: [reports phishing]
Work: "ha ha silly Roger, that's our new partner org which unlike all the others hasn't had a massive data breach recently."

Every month or two.

futurebird,
@futurebird@sauropods.win avatar

There are probably a few dozen people at any large org who are terrified of computers and hackers and need someone trustworthy who they can talk to to really learn...

Just give a quiz most savvy people will pass and do one on one with those who need it.

Don't make up things to know?

futurebird,
@futurebird@sauropods.win avatar

These videos and quizzes are not going to fix my cooworkers who have ABC passwords on postit notes on their desk.

The same coworkers who ask me "my computer says I have a virus" and I feel dread since we don't have virus software that would say that... so they DID SOMETHING.

What did you do, Linda? You can tell me. We will sort it out.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • DreamBathrooms
  • everett
  • osvaldo12
  • magazineikmin
  • thenastyranch
  • rosin
  • normalnudes
  • Youngstown
  • Durango
  • slotface
  • ngwrru68w68
  • kavyap
  • mdbf
  • InstantRegret
  • JUstTest
  • ethstaker
  • GTA5RPClips
  • tacticalgear
  • Leos
  • anitta
  • modclub
  • khanakhh
  • cubers
  • cisconetworking
  • megavids
  • provamag3
  • tester
  • lostlight
  • All magazines
    •