Live-blogging my cyber security awareness training

an IM chat with my partner.

ME: and now, for sauce, an hour-long video training on ‘cyber security awareness’.
WHY WHY WHY are there so many videos I HATE VIDEO TRAININGS
just write down the things that everyone under 50 knows, and it’ll take 5 minutes to read.

[#2 notes that Grumpy Rumblings does not endorse tired age stereotypes about technology knowledge or lack thereof.  Workers over 50 ALSO know this stuff.]

PARTNER: not all employees are under 50 :)

ME: “Don’t answer phishing emails” DURRRRR
durrrrrrrrrrrr
don’t share passwords durrrrrrrrrrr
Partner, did u know that phishing emails are common?
This ‘cyber attacker’ is wearing google glasses

PARTNER: they do that!
ME: do they???
PARTNER: no

ME: hey if a stranger calls u on the phone and tells u that ur computer is infected and u need to go buy this software to fix it… durrrrrrrrrrrrrrrrrrrr
“Simply hang up the phone or ignore the email.” This is some quality sh*t.

PARTNER: well, taunting them wouldn’t be very professional

ME: hey another unit about email
DO NOT OPEN THE ATTACHMENT
also the ‘cyber attacker’ is a man of course
o wait, this one’s a woman– also wearing google glass

here’s a hint: your bank’s not going to ‘deactivate’ your account.

This envelope is vibrating. I wouldn’t open that.
“Browsers are one of the primary ways we interact with the internet.”

PARTNER: good to know
ME: right?

“Should you heed security warnings?” gee what a hard quiz

“social networking websites are one of the most exciting technologies on the internet!”
this is definitely written BY 60-year-olds, FOR 60-year-olds.
oh no that guy got a fishing hook through his FACE

[#2:  See above disclaimer.  60 year olds who work have gone through more of these security trainings than #1 has.  They are aware of social networking.]

PARTNER: ow
ME: your friend doesn’t actually need you to wire money to him in Romania
PARTNER: I dunno, sometimes my friend is in Romania
ME: and they can only contact you via facebook?
PARTNER: well, probably not.

ME: also this video has bad grammar.
ooooh kidnapping your child, that’s definitely the item choice I’m picking.
I thought we were going to learn about encryption there for a minute, but no. That would be much harder than “don’t click that link, yo”
“Not only can you call anyone IN THE WORLD” using your cell phone… go figure.

PARTNER: well, usually I can’t call you, actually.  [This is because #1 is the only person left in the US without a cell phone.]
ME: in the WORLD, Partner.
hahahaha “never jailbreak your own phone”

PARTNER: then teh haXX0Rz will pwnz you!
ME: don’t go to http://www.EvilAntiVirus.com — I bet you shouldn’t click on that link
PARTNER: Firefox can’t establish a connection to the server at http://www.evilantivirus.com
ME: sad
the section on passwords promises hilarity
oooh passphrases. Use numbers in place of letters. Are you listening, 60-year-olds? [#2:  60 year olds probably have as many passwords as the rest of us non 60-year olds]
PARTNER:  31337!
the password ‘p4$$w0rd’ is totally uncrackable!
ME: hey don’t use your banking password for youtube
PARTNER: but then how will I remember my youtube password?
ME:  o noes
never share your password, Partner. It is a SECRET.

PARTNER: Keep it secret. Keep it safe.
ME: Enable “Hobbit-level” security.
Don’t send important secret work information to your personal email

PARTNER: but how will I get it home?
ME: Don’t log in as root unless you need to…
this guy seems to have an RFID chip embedded in his clavicle
that seems… not-ideal
PARTNER: ow

ME: don’t install software that has the Jolly Roger on it.

PARTNER: but I really liked Assassin’s Creed 4
ME: me too!
“These steps should be applied in a way that is consistent with our policies.” no, really?
argh, grammar.
hey that loud-ass bird is back, the one that likes to sit outside our window and look at us. What’s up, loud bird?

PARTNER: tweet
ME:  “Which of the following is a typical step that an attacker will take after compromising a system?

A. Installing Microsoft Office on your system.”
ha!

“If you believe your system has been compromised, you should: A. Continue using the system so the attacker does not become suspicious” — YES, YES, pick that one

WITH GREAT POWER COMES GREAT RESPONSIBILITY

This data management policy is laid out like a football play. Am I the running back or the tight end?

“We hope you enjoyed your security awareness training.”  NOPE.

PARTNER: thaT DOES NOT CHANGE THEIR HOPE THOUGH

ME: hahahaha
“Remember, our goal is not to scare you from using the internet.”
“Technology is a tremendous tool that enables you to accomplish amazing things.”  Ok, Grandma.  [#2:  Most grandmas are well aware of facebook and skype etc.]

[end.]

Later, my co-worker started the same online training and spontaneously burst into giggles.  “Welcome to the 21st Century?” she asked.  “It gets worse,”  I told her.

#2 notes that her IT training just switched to slow and stupid.  No skipping to the quiz anymore.  No just reading the slides and fast forwarding them.  Nope, you cannot move ahead until they’re done talking.   And it’s an hour and a half with a huge amount of useless prologue.  UGH.  So, of course, instead of actually paying attention, I’m just letting it run on my secondary monitor, clicking next whenever I notice a slide has finished (there are ~150 slides).  If they want me to learn something, this is not the way to go about it.

What’s the dumbest training you’ve been to?  How can we all be less ageist?

38 Responses to “Live-blogging my cyber security awareness training”

  1. Miser Mom Says:

    Last time we had one of these, I brought J-son with me. (He had the day off school that day, so I had to do something with him anyway). It was PERFECT for him. He was astounded that any of these could be scams. Because it wasn’t just his crazy, uber-frugal mom freaking out about this, he believed it, too. And he and N-son had managed to infect several of our family computers with icky viruses, which they haven’t done since. So I have a soft spot in my heart for the last cyber-security presentation I went to.

    • Leah Says:

      See! There is an audience for some of these, and the audience is under 60 sometimes ;-)

      • chacha1 Says:

        I think the audience is under 16. Everybody else knows this, or deserves to have their hard drive eaten from the inside out.

      • Leah Says:

        Maybe we should give the security training to students. I get really frustrated whenever people talk about how my students are “digital natives” and don’t need computer classes. They might know how to snapchat and instagram, but they don’t automatically know how to use excel or write good emails.

      • nicoleandmaggie Says:

        I KNOW! I’ve been blaming NCLB for not teaching them excel, but you’re at a private school, so it can’t just be that.

        When I started, my students were better at computers than I was, but now they can get through K-12 and even college (for some of my grad students) without knowing how to find a file they just downloaded to their laptop.

      • chacha1 Says:

        The nineteen-year-old who greeted me at the Windows store when I was shopping for a new laptop three years ago claimed “nobody uses media drives.” Le sigh.

  2. Leah Says:

    While I do love our health services people, we have to do a health services training every single year, and it’s the same one. We also do CPR every other year (and I sit through CPR every single year, since I advise the grade that does CPR training, thus doing CPR training 2x on my personal training years). I now have all the videos and slide shows memorized. Thankfully, we can still fastforward through the slideshows. But the CPR takes two or three hours. Blegh.

    I did once sit through an OHSA training when I was in grad school. It was mostly boring but sometimes useful. I think it could have been more useful had the OHSA person just met with different departments and tailored the talk to our needs.

  3. Jenny F. Scientist Says:

    We ALSO have the same ridiculous cyber security training every year! But ours is split into 15 videos which you can play all at once and then take the quizzes. Probably the dumbest. Though the faculty orientation where Dumb Engineer tried to tell us students shouldn’t be allowed bathroom breaks and then the (uni president type) made a bunch of sexist and patronizing references is a close second.

    I don’t know about the ageist part but this kind of training could be improved by giving you the quiz first and then only making you watch stuff if you missed the relevant question. When I worked for a software company there was a TON of training but most of it managed to be useful-ish or at least less rage inducing.

  4. Jenny F. Scientist Says:

    Oh, I forgot rad safety training. That was useless and included zero practical advice on what to physically do to avoid, say, contaminating the university’s transit system, a hallway, two offices, and a lab with P-32 FOR EXAMPLE (dumb undergrad).

  5. Bardiac Says:

    Just remember, the people who paid for this training also tend to believe that on-line classes are IDEAL!

  6. crazy grad mama Says:

    *bursts out laughing* Thank you for this.

    We haven’t had any truly bad training sessions in a while (which is somewhat shocking, now that I think about it). There was the anti-harassment one a few years ago for new TAs, but there was some useful information there about how to report stuff your students are experiencing, even if we did have to watch videos of some extremely staged scenarios.

  7. chacha1 Says:

    I go to a lot of trainings because law, but there is usually something fresh and new and horrifying that gives them entertainment value. :-) Like the cybersecurity training in which we were advised that our firm’s network has on the order of 6000 incursion attempts EVERY DAY. And the harassment training in which a bunch of male attorneys committed multiple fails, proving that prosperous well-educated white men still don’t get it.

  8. becca Says:

    I am so, so, so very glad the urge to snark at these things doesn’t mean I am uniquely unfit for living in society.

    The only one I actually thought was memorable was a chem safety one where they took actual pictures of “do NOT do THIS” from labs at my institution. It was… appalling. And hilarious.

    • nicoleandmaggie Says:

      When we were RAs in a dorm we had to see a fire safety video that made us never ever ever want to get a cut Christmas tree. (This is the main reason we go with live Rosemary bush trees most years.)

      • Jenny F. Scientist Says:

        Ever see that one lab safety video from the 90s where the guy stabs himself in the hand with a glass pipette and it fills up with fake blood?

      • fizzchick Says:

        Out of replies, but yes! I have seen that video with the guy stabbing the fake hand so that he gets more of the fake blood spurting up into the pipette. It’s about the only thing I remember from middle school science at this point.

  9. Cheyanne Says:

    HA HA HAAAAAAAAAA

    This is my daily life. Last week one of my coworkers came up to me with a wireless mouse and told me “Sara (fake name) told me you were the only person in the office that can change the batteries on these things.” ………………………………………………………………………………………………………………………………………………………………………………………………………Siiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiigggggggghhhhhhhhh

  10. Mrs PoP Says:

    haha – but question of the day – what did the cyber security video have to say about voice as an effective biometric?

    The only HR type videos I remember viewing were cheesy sexual harassment videos, which were terrible and also obvious… You mean it’s inappropriate to make lewd remarks at a coworker?!?

  11. Comradde PhysioProffe Says:

    The last time I succumbed to any kind of cyber attack was the “iloveyou” worm in 2000.

  12. Rebeck Says:

    Work in a public library for half a day and you will no longer think that only “60 year olds” don’t know stuff about technology and cyber safety. I’ve had to explain the difference between a user name and a password to more than one 20 year old.

  13. Jay Says:

    We had video training on ICD-10 (new medical coding system – well, new to the US and old news to the rest of the world) that was horrendous. The narrator explained in great detail at the beginning that he used to be an orthopedic surgeon and now he can’t operate anymore because of some kind of work-related disability. This was repeated at the beginning of each of the three modules. There was a great deal of repetition, a lot of fancy arrows pointing at placeholders, and very little actual content. I set it up on my computer and did crosswords on my iPad while it ran. I’d already been oriented to ICD-10 because Hospice had to start using it before everyone else. Anyway, about a week after I watched the stupid thing, there was a mass Email sent out apologizing for it and directing us to more useful resources elsewhere…I guess other people complained.

    • Jay Says:

      And then there was the parenting video we saw when Eve was born that included the deathless line “Daddies make good burpers”.

  14. Rosa Says:

    every year we ridicule my husband’s ethics training. Wait, it’s still illegal to do insider training? And bribing foreign officials is wrong? WHO KNEW.

    • Anu Says:

      Oh yes, I love to make fun of our company’s don’t buy $1000 handbags on the company dime ethics course from last year. Shocker!

      • nicoleandmaggie Says:

        Our ethics training is actually kind of useful because there are a lot of rules that don’t make any sense but we have because we’re state employees. I think that’s the only training in which I’ve learned things. Not sure how useful said things are (ex. don’t park a university vehicle in front of a liquor store), but were definitely new to me when I first took the training (10th time through not as useful…).

      • Jenny F. Scientist Says:

        I also suffer from being a state employee. We’re up to ten online modules per year now, all of them useless.

  15. ChrisinNY Says:

    Don’t know if your trick will work, but due to access for those with disabilities, our video training (done online) must offer a read/text option. So I always choose that one and just read the text- zipping through. Takes a lot less time and I have fulfilled the requirement.

    • nicoleandmaggie Says:

      We’re not allowed to advance screens until the talking has stopped. There is closed-captioning, but it goes at the same speed as the talking. And they’re just reading off the slides *anyway*. They’ve gone out of their way to make it difficult to just read and take the quizzes.

  16. ChrisinNY Says:

    Ooops that should read “my” trick.

  17. SP Says:

    Do you work where I work? I’m doing mine now, it is super annoying and equally silly. Can’t I test out of this??

  18. MutantSupermodel Says:

    I’ve been teaching my 86 year old grandma how to use the tablet she got. She gets a lot more than she lets on and she complains about not knowing anything…. it’s odd. Also, I am constantly stunned at how much stuff I take for granted as “common sense” technology stuff is not so common after all….


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: