I'm a very chaotic person, and I tend to forget the date for returning books to the library, for example. The last time I went to the local library, I wanted to take out a book, but apparently my library ID card was very old (I still had the junior card) and the new library assistant asked me to change it. In the process, I felt quite insecure about whom I was giving my information to. To start with, the whole system seemed to rely on Windows 95, which already gave me the thrills, but apart from that, the whole process (half digital, half paper) seemed poor.
So, after a big sigh, I asked the assistant, "Do you have any clue how data protection works in this place?" I tried to be polite and smiled, in the hope of getting just a phrase like "Sure! It's secure and the data relies on X institution, if you have any complaint blah blah". I got a "Sure, it's secure!" at first, but instead of the administration speech, the assistant apparently had a wide knowledge of the database system (I was surprised), and I was even more surprised when the assistant gave me precise information about tokens and relations in the database. I had mixed feelings: I was so happy that the woman had spent some time learning about the system and how it works (I'm a fierce defender of tech learning), but on the other hand she was basically giving me a manual on "How to easily hack the database".
So it made me think: can human error (where social engineering enters) be partly avoided by teaching security to non-tech professionals in every job where tech has a role? Maybe tech education is already a part of professional education in companies and institutions but security is not. Could it be even more dangerous to give tech resources to these professionals without security advice? Maybe this could lead to brand new professional opportunities in security. Do you have a security education plan where you work? I think this might be even more important when working with clients' personal information.