I’m a very chaotic person, and I tend to forget the date for returning books to the library, for example. The last time I went to the local library, I wanted to take out a book, but apparently my library id-card was very old (I still had the junior card) and the new library assistant asked me to change it. In the process, I felt quite insecure to whom I was giving my information to. To start with, all the system seemed to rely on Windows 95, which already gave me the thrills, but apart from that, all the process (mid digital, mid paper writing) seemed poor.

So, after a big sigh I asked the assistant “Do you have any clue on how data protection works in this place?” I tried to be polite and smiled, in a hope to get just a phrase of “Sure! It’s secure and the data relies on X institution, if you have any complaiment blah blah”. I got a “Sure it’s secure!” firstly, but instead of the administration speech, the assistant apparently had a wide knowledge of the Data Base system (I was surprised) but even more surprised when the assistant gave me precise information about tokens and relations in the database. I had encountered feelings: I was so happy that the woman spent some time learning about the system and how it works (I’m a fierce defender of tech learning) but on the other side she was basically giving me a manual on “How to easily hack the database”.

So it made me thought, can human error (where social engineering enters) be partly avoided by teaching security to non-tech professionals in every job tech has a role? Maybe tech education is already a part of professional education in companies and institutions but security is not, could it be even more dangerous to give tech resources to these professionals without security advise? Maybe this could lead in a brand new security professional oportunities. Do you have a security education plan where you work? I think this might be even more important when working with personal clients information.

Originally written in: https://dev.to/terceranexus6/the-importance-of-human-security-6af

Security Sprint: Week 10 : 11 - Bluetooth hacking experiment and open tools

I've been quite in many things lately, which didn't allow me to study all I wanted to. I'm mainly in two things, distributed ledger exper...… Continuar leyendo