IT Trenches

Apr 29 2009   12:40PM GMT

Training users? Do they still do what you tell them NOT to do?

Troy Tate

Here’s a story that might help you think of a creative method to train users to NOT do what they continue to do even after you have instructed them in proper use of computer systems.

Lipstick in School (You’ve got to love this Principal)

According to a news report, a certain private school in Washington
was recently faced with a unique problem. A number of 12-yr-old girls
were beginning to use lipstick and would put it on in the bathroom.
That was fine, but after they put on their lipstick they would press
their lips to the mirror, leaving dozens of little lip prints. Every
night the maintenance man would remove them and the next day the
girls would put them back. Finally, the principal decided that
something had to be done.

She called all the girls to the bathroom and met them there with the
maintenance man. She explained that all these lip prints were causing
a major problem for the custodian who had to clean the mirrors every
night (you can just imagine the yawns from the little princesses.)

To demonstrate how difficult it had been to clean the mirrors, she
asked the maintenance man to show the girls how much effort was
required. He took out a long-handled squeegee, dipped it in the
toilet, and cleaned the mirror with it.

Since then, there have been no lip prints on the mirror.
There are teachers…and then there are educators.

Thanks for reading and let’s continue to be good network citizens!

1  Comment on this Post

  • Stiltner
    Hah, now that's a good story. That one I can truly appreciate. I will parrot the sentiment that far too many people are either A) Uneducated or B) Unaware of how important security is in an end user scenario. Administrators can do so much, but social engineering has to take the rest of the slack up and help those people learn these things, and not just to sign a piece of paper to CYA, that to me is more dangerous than leaving them ignorant to the importance. I've been through corporate security training, it was all of 10, maybe 15 minutes, sign the paper and go on with life. That kind of policy is to me weak, and only meant to appease attorneys. I realize there are costs associated with training, but how do those compare to the costs associated with a breach related to uneducated personnel?