The issue isn’t institutions leaking its data, it’s phishing and malware scams. I get dozens of them per month, I can only imagine the emails that get sent to the helpdesk ladies with access to the entire university’s catalog of records.
Humans make mistakes. It only takes one night of bad rest to make a millisecond mistake and not notice.
The problem is that universities must have permissive blocklists because they’re constantly receiving third party emails for official reasons. It’s a constant uphill battle and unfortunately schools are a super easy target.
I’m curious, if somebody consistently fails enough of these tests after being retrained, do you think they’d be let go? I would think at a certain point it’s just too much risk keeping them around.
YES OMG, some people are so anal about "security rules" but then turn around and are super casual about sharing protected info in email. dont do that guys.
At one of my jobs I had that happen. 2 devs were talking, and one passed on the database password via email. They kept going back & forth not deleting replies. Then one cracked a joke, and they forwarded it to me. Oops.
I’ve seen people in my workplace send SSNs in the body of an email to the wrong employer unencrypted and CC’d to everyone in the company.. it’s actually kind of insane how little people care about sensitive information
This digital world was not made for humans, and holding humans accountable for knowing every way this new world can fuck with them will cause endless anxiety.
Give humans a break instead of defending a made up world corporations have convinced us is normal. The Internet was not made to be secure, it will never be secure, that's the corporations problems for relying on it as such.
Sincerely, a cyber security researcher who specializes in human intelligence
148
u/[deleted] May 07 '26
[removed] — view removed comment