Live-blogging my cyber security awareness training

an IM chat with my partner.

ME: and now, for sauce, an hour-long video training on ‘cyber security awareness’.
WHY WHY WHY are there so many videos I HATE VIDEO TRAININGS
just write down the things that everyone under 50 knows, and it’ll take 5 minutes to read.

[#2 notes that Grumpy Rumblings does not endorse tired age stereotypes about technology knowledge or lack thereof.  Workers over 50 ALSO know this stuff.]

PARTNER: not all employees are under 50 :)

ME: “Don’t answer phishing emails” DURRRRR
durrrrrrrrrrrr
don’t share passwords durrrrrrrrrrr
Partner, did u know that phishing emails are common?
This ‘cyber attacker’ is wearing google glasses

PARTNER: they do that!
ME: do they???
PARTNER: no

ME: hey if a stranger calls u on the phone and tells u that ur computer is infected and u need to go buy this software to fix it… durrrrrrrrrrrrrrrrrrrr
“Simply hang up the phone or ignore the email.” This is some quality sh*t.

PARTNER: well, taunting them wouldn’t be very professional

ME: hey another unit about email
DO NOT OPEN THE ATTACHMENT
also the ‘cyber attacker’ is a man of course
o wait, this one’s a woman– also wearing google glass

here’s a hint: your bank’s not going to ‘deactivate’ your account.

This envelope is vibrating. I wouldn’t open that.
“Browsers are one of the primary ways we interact with the internet.”

PARTNER: good to know
ME: right?

“Should you heed security warnings?” gee what a hard quiz

“social networking websites are one of the most exciting technologies on the internet!”
this is definitely written BY 60-year-olds, FOR 60-year-olds.
oh no that guy got a fishing hook through his FACE

[#2:  See above disclaimer.  60 year olds who work have gone through more of these security trainings than #1 has.  They are aware of social networking.]

PARTNER: ow
ME: your friend doesn’t actually need you to wire money to him in Romania
PARTNER: I dunno, sometimes my friend is in Romania
ME: and they can only contact you via facebook?
PARTNER: well, probably not.

ME: also this video has bad grammar.
ooooh kidnapping your child, that’s definitely the item choice I’m picking.
I thought we were going to learn about encryption there for a minute, but no. That would be much harder than “don’t click that link, yo”
“Not only can you call anyone IN THE WORLD” using your cell phone… go figure.

PARTNER: well, usually I can’t call you, actually.  [This is because #1 is the only person left in the US without a cell phone.]
ME: in the WORLD, Partner.
hahahaha “never jailbreak your own phone”

PARTNER: then teh haXX0Rz will pwnz you!
ME: don’t go to http://www.EvilAntiVirus.com — I bet you shouldn’t click on that link
PARTNER: Firefox can’t establish a connection to the server at http://www.evilantivirus.com
ME: sad
the section on passwords promises hilarity
oooh passphrases. Use numbers in place of letters. Are you listening, 60-year-olds? [#2:  60 year olds probably have as many passwords as the rest of us non 60-year olds]
PARTNER:  31337!
the password ‘p4$$w0rd’ is totally uncrackable!
ME: hey don’t use your banking password for youtube
PARTNER: but then how will I remember my youtube password?
ME:  o noes
never share your password, Partner. It is a SECRET.

PARTNER: Keep it secret. Keep it safe.
ME: Enable “Hobbit-level” security.
Don’t send important secret work information to your personal email

PARTNER: but how will I get it home?
ME: Don’t log in as root unless you need to…
this guy seems to have an RFID chip embedded in his clavicle
that seems… not-ideal
PARTNER: ow

ME: don’t install software that has the Jolly Roger on it.

PARTNER: but I really liked Assassin’s Creed 4
ME: me too!
“These steps should be applied in a way that is consistent with our policies.” no, really?
argh, grammar.
hey that loud-ass bird is back, the one that likes to sit outside our window and look at us. What’s up, loud bird?

PARTNER: tweet
ME:  “Which of the following is a typical step that an attacker will take after compromising a system?

A. Installing Microsoft Office on your system.”
ha!

“If you believe your system has been compromised, you should: A. Continue using the system so the attacker does not become suspicious” — YES, YES, pick that one

WITH GREAT POWER COMES GREAT RESPONSIBILITY

This data management policy is laid out like a football play. Am I the running back or the tight end?

“We hope you enjoyed your security awareness training.”  NOPE.

PARTNER: thaT DOES NOT CHANGE THEIR HOPE THOUGH

ME: hahahaha
“Remember, our goal is not to scare you from using the internet.”
“Technology is a tremendous tool that enables you to accomplish amazing things.”  Ok, Grandma.  [#2:  Most grandmas are well aware of facebook and skype etc.]

[end.]

Later, my co-worker started the same online training and spontaneously burst into giggles.  “Welcome to the 21st Century?” she asked.  “It gets worse,”  I told her.

#2 notes that her IT training just switched to slow and stupid.  No skipping to the quiz anymore.  No just reading the slides and fast forwarding them.  Nope, you cannot move ahead until they’re done talking.   And it’s an hour and a half with a huge amount of useless prologue.  UGH.  So, of course, instead of actually paying attention, I’m just letting it run on my secondary monitor, clicking next whenever I notice a slide has finished (there are ~150 slides).  If they want me to learn something, this is not the way to go about it.

What’s the dumbest training you’ve been to?  How can we all be less ageist?

Advertisements