You don’t need to be an information security professional to be considered a computer expert by the majority of people. Just knowing your way around an operating system – preferably Windows – is sufficient to attract cries of help your way.
Its unfortunate but that is the way it is. There are far too many people who are impressed by the fact that you can crop an image, or print a document.
But who are those people?
If, like me, you spend an inordinate amount of time on social networks (well, ok, just Twitter in my case) in the company of security personnel, then you may be forgiven for thinking that it is just employees who require an urgent injection of security awareness so that they can be better prepared to defend the company’s digital assets.
But is it really the case that only employees need help where computers are concerned?
Maybe it is the elder people (a growing demographic) in society who also need assistance and training in order to safeguard their personal information and dwindling pensions?
I can understand why that group of people may be the first to come to mind. After all, people of pensionable age and over were not brought up with computing devices and modern technology in general can be a barrier for them.
But, hey, her Maj seems to be fine with tech, so perhaps it’s training rather than age that counts?
— Science Museum (@sciencemuseum) October 24, 2014
I know in my own life that my grandfather, who is closing in on a hundred years of age now, is a dab hand at surfing the internet and troubleshooting the more common issues associated with computing. And that is because he went to a computer class at his library back when he was 92. He picked things up quickly but others didn’t and so the instructor never thought to mention a thing about the threats online lest it should confuse people.
Shame on him.
But, moving on from the more elderly people in society, my experience is that it is the younger people who actually struggle the most.
More fool me perhaps, but some people where I work (that’s retail not security by the way) learned that I have an interest in computers (but not security specifically – some things stay private). As a result, I seem to have an almost endless stream of computers, laptops and netbooks appearing in front of me during tea break. And I only get 15 minutes out of a whole shift!
So what sort of people need my help?
All sorts. Where I work the staff represent just about every level of diversity you could think of but on my shift we are missing one demographic which is the elder person (I’m the oldest actually. Yikes!)
Everyone is mid-30s or younger and none of them have a clue. But they are not typical inner-London school dropouts (that’s a fallacy anyway), but rather ex-college students, current university students, and we even have a couple of first class degrees on my shift – thank you Mr Recession.
None of them know jack about computers or security though. They are fairly competent with technology and the devices they have while they are working as they should but as soon as they go wrong they’re lost.
Just this week I’ve discovered how one team member’s son had been viewing videos that are, let’s say, incompatible with their faith, despite his dad installing parental controls (his son is far more tech savvy than he is).
Another had what I imagine is every parent’s worst nightmare on his laptop – the always on but light not shining webcam that was recording who knows what when anyone was in front of the screen.
A third member of my team this week borrowed a colleagues mobile phone, got her to say her passcode in front of everyone and then used it as a hotspot to get online on his netbook so he could do some online banking. One cup of tea too many and he rushed to the gents, leaving his PIN reader and bank card on the table, not to mention he forgot to sign out of his account.
But oh so common.
Thankfully, moves are afoot to address the general lack of knowledge and security awareness within the UK but I can’t help but feel it isn’t enough.
It’s great that kids will be encouraged to code at school and employees are being trained to look after company, data but we’re still missing out large swathes of society.
Nothing good can come from that in my opinion and it’s hard to see how the situation can be rectified.
Sure, we have Get Safe Online week and all that, but no-one I know outside of security circles has heard of it, let alone learned from it.
Remember people: security awareness is for everyone, not just Elizabeth R, young kids and employees.