Dunce Hat or Laptop of Doom? The Choice is Yours

Written by

Recently a friend invited me to a party—it was full of people I hadn’t met before, so naturally while engaging in small talk with other guests we went through the standard protocol: “Where are you from? How do you know the host?” Before you know it, we’re at the “what do you do?” question.

I answered with ‘superhero’. Unsurprisingly this earned me a few odd looks, so I begrudgingly backtracked and clarified that I was in fact an IT superhero. I still received a few raised eyebrows but at least they knew what I did.

After an awkward silence, a couple I was speaking to said they were always eternally grateful for the IT department for constantly fixing their ‘slow’ laptops. This got me thinking: what is it everyday people think IT pros spend their days doing? Evidently from this conversation, most believe the IT department is only there to fix broken laptops, which is far from the truth.

That’s not to say it’s not part of our job, but it’s not ALL of our job. As an IT pro, our skills are far and wide and an average day can include anything from patching and monitoring, disaster recovery planning and configuring networks (to name a few). So it’s understandable that I was somewhat baffled that this couple acted like the only job for an IT pro was to fix people’s devices.

I assume part of the reason for this misconception is because people’s main interaction with the IT department is when they are having a problem. In fact recently I have heard there has been a surge of visits to the IT department from people who have been deliberately misusing their laptops, by assuming their devices are invincible and that nothing bad will happen if they dismiss security warnings that pop up. By taking warnings seriously, users could avoid damaging their devices.

Why click yes?

The computer is an incredibly powerful piece of machinery and is constantly being developed to become smarter. With the breadth of intelligence you can be sure of one thing—the computer doesn’t lie. When you’re browsing the internet you can often accidently (or sometimes on purpose) come across sites that are unsafe. When this happens the computer has software which will try and stop you entering these harmful sites.

This is when warning signs appear, usually with something like ‘do you want to proceed, this site isn’t secure'; or to translate, it’s a polite way of saying “DO NOT ENTER THIS SITE”, but many people always click the yes button, assuming that no real harm could come of their actions.

Similarly, when people are playing a game or streaming a video online they sometimes have a notification that pops-up to say “please install Flash”. Often people then install the suggested version of Flash which, surprise surprise, is malicious and offers a backdoor for viruses.

By ignoring security warnings that pop-up and not checking if the software we are downloading is safe, people are putting their laptops at risk of viruses and damaging the network. What’s more frustrating is the computer explicitly told the user not to do it, but the user was able to override the safety recommendation from the software; all of which could have easily been prevented if they had heeded the warning signs initially.

Changing behavioural patterns

People think all devices are invincible, but this is simply not the case, and people are more frequently making silly errors by ignoring warning signs. If I had my way I would simply not allow users to click" ignore" on most of these dialogs to stop such senseless behavior from continuing.

Since that’s virtually impossible as the IT department can’t control everything, I would also suggest the introduction of some form of dunce hat, which the culprit needs to wear for the duration of the time it takes IT to fix the issue they have caused. This would solve two problems: not only will the recipient of the dunce hat be too mortified to ignore a security warning again, those sitting near the dunce will also not want to become subject to such ridicule and will subsequently take more care.

However, for some organizations, such punishment could be deemed inappropriate. In this instance, I would recommend having a joke with fellow IT comrades by giving the employee a frustrating slow laptop to use whilst theirs is being repaired. Forcing employees to use the ‘laptop of doom’ will quickly make them eternally grateful when their laptop is restored, leading them to have more respect for their tech in future.

Okay, sometimes a slap on the wrist will do the job, and explaining to people why their laptop has packed-up will be more than enough to make them aware of these warnings. But sometimes we all just want to have some fun.

What’s hot on Infosecurity Magazine?