Impressing Security Upon End-Users Visually?

get quad writes "I continually have to remind our end-users to be vigilant about the usual web security hazards, such as not clicking links in the occasional spam email that passes through our filters, avoiding suspicious websites, why some websites aren't entirely safe or appropriate for the work environment (Facebook apps, MySpace, remote access apps, proxies, etc), and the myriad other things an end-user can do to get into trouble. What I'm hoping to find are video or flash examples (mind you, in layman's terms) of what Web-based exploits/zero-day threats are capable of, how they can happen, and the harm they can ultimately cause — rather than posting links to technical docs the users will never bother to read. Getting the point across in a purely visual and less technical manner seems much more effective. Does anyone have any suggestions or experience with this type of training?"

Explosions!

[sopssa]

Make a video where the user clicks "Run File" in Internet Explorer and then the building explodes.

Re:Explosions!

[xgadflyx]

Actually, we've found that "making an example" has been the most effective security measure. Call a meeting - "Tom here has decided to do $INSERT_ENDUSER_STUPIDITY, so we're going to take this time to show you what happens.." Then you just grab a hammer and smash fingers. Some people puke others just turn in disgust - regardless we haven't had a user click a fishing email in over 2 years.

Re:Security holes

[snowraver1]

Just show them this:

http://www.youtube.com/watch?v=1SNxaJlicEU

Re:Explosions!

[Anonymous Coward]

There's a freeware program that, when run, starts flashing teh screen, and plays at MAX volume "HEY EVERONE, I'm looking at GAY porno!" ... just send that around, and people will quickly learn not to open programs.

I Have a Vision of...

[mrsquid0]

Hi, I'm Troy McClure. You may remember me from such IT security videos as "Microsoft Explorer: Ubiquitous but Unsecure" or "Passwords: The Road to Ruin".