• @Railing5132
    47 months ago

    I’d say a little yes and a little no. I educate every new user that comes into my company on infosec awareness, with a big segment on data footprint and information leakage. I show them where their data is, how easily and with how many ‘channel partners’ share social, history and other data, and where they’ve been exposed in real time. I’ve done this with a few thousand people. The overwhelming majority say: “I’ve got nothing to hide.” Or: “If I get better deals, it’s fine,” not getting that by being tracked they’re probably getting worse deals.

    For the “nothing to hide” folks, I ask to see their wallet or purse. They’re all scoffs and brave mugs initially as they show how unafraid they are as I start rummaging through at the front of the class. Then I start pulling out cards and ID. And they’re still OK as I glance around the room. Then I pull out my phone and turn my back - then a lot of nervous shifting in seats starts happening as I look over my shoulder while taking pictures of the floor with the shutter sound turned on. That’s the point where I ask if they truly have nothing worth protecting.

    And at the end of all that - after setting up and teaching them how to use the comped corporate password manager, 80% still make passwords that they’ve used before. THE SAME DAMN MORNING as these exercises.

    I don’t think people care. And they certainly don’t know. But they don’t want to be bothered by the nuance of it all. It’s just too much, which is why we need a Congress with a goddamned backbone to pass some legislation with teeth to protect customers’ data.