Re: Controls are ineffective without user cooperation

["Stephen J. Wilcox" <steve () telecomplete co uk>]

On Fri, 16 Jul 2004, Christopher L. Morrow wrote:

> > According to an AT&T sponsored survey, 78% of executives admitted to opening
> > attachments from unknown senders in the last year, 29% used their own name
> > or birthday as a "secure" password, 17% accessed the company network in a
> > public place and didn't log out, 9% informally shared a network password
> > with someone outside of the company.
>
> surprised? if you don't teach the baby the consequences then they continue to
> behave badly. I suppose it IS a little bit tough to tell the executive: "Bad
> Exec!! NO COOKIE!!!" or the equivalent in execu-speak :(

I was looking at a friends PC, her mother uses it and she's a bit of a 
technophobe... I was upset that it hadnt had any of the windows updates 
installed since last time I looked at the PC a year ago even tho windows was 
popping up all the time pleading to be updated!

I attempted to explain the whys and what fors and was surprised at her 
reaction.. she still didnt want to run the updates even tho she now understood 
what they do. 2 reasons:

1) she's overwhelmed by the amount of things that pop up at you, ask you to 
click on them, tell you theyre an email from microsoft etc etc

2) she "only uses the pc for web browsing, if it gets infected theres no harm 
that can be done"

So how do you argue with that?

Steve