All of the words in the title are words Iâ€™ve heard used by fellow technical types to describe our users, our colleagues. If you make an honest mistake, do you call yourself these names? If your best friend or spouse messes up, is your first move to accuse them of carelessness?
The Chronicle of Higher Education article entitled â€œTop 10 Threats to Computer Systems Include Professors and Studentsâ€ described students and faculty as the number five and number four threats respectively to computer systems at institutions of higher learning. Fineâ€”I wonâ€™t dispute that, not for a moment. But the article goes on to say this:
Every year students seem to become more careless about computer security, according to some college officialsâ€¦the only people more careless on their computers than students are professors.
Students attend university to learn. If they were already equipped with all the knowledge they needed to get through life, they wouldnâ€™t enroll. The current generation of undergraduates was raised with computers by parents who werenâ€™t. It should come as a surprise to no one that they were not given cybersecurity lessons at home, and maybe not even at school. They arrive at college knowing just enough to be dangerous. They are given a login and password that gains access to everything from their e-mail to their financial aid, but they donâ€™t yet fully grasp what that means. They donâ€™t understand the implications of a breach of that passwordâ€™s confidentiality, or they put too much faith in the motives of their newfound friends. When they make a mistake, does that make them ignorant? Yes. Are they worthy of being called names? Definitely not.
Faculty and staff are another matter entirely. Many are old enough that they were not raised on technology. Some would even rather not use it. We drag them, sometimes kicking and screaming, into the information age. Should it come as a shock when some of them make mistakes? They are scammed by phishing messages, they install malware, they carry sensitive information around on USB sticks that get misplaced. I have had the opportunity to work with several faculty members who fell for phishing messages. Never once have they said â€œyou know what? I replied because I just donâ€™t care.â€
When I was an acerbic little girl (as opposed to the acerbic woman I am now) my mother used to remind me that I would catch more flies with honey than I would with vinegar. We must watch our language when we speak about the people we support. Even among friends, the way we regard users matters. If you practice derision and nastiness in private, it will come out in public. They are not idiots, they do care, and by and large they do not choose to act with malice when they misuse information and systems.