Isn’t the mandatory training more about shifting blame onto the employee? I thought it was to remove liability for the company so they can say “hey, they fell for it, and we trained them so we did our part.”
Eh, no. Companies don’t give a shit about who’s to blame when everything is encrypted and they’re being blackmailed. And after they mostly care about preventing this from happening again, which is why you have these trainings.
Isn’t the mandatory training more about shifting blame onto the employee? I thought it was to remove liability for the company so they can say “hey, they fell for it, and we trained them so we did our part.”
Exactly.
Eh, no. Companies don’t give a shit about who’s to blame when everything is encrypted and they’re being blackmailed. And after they mostly care about preventing this from happening again, which is why you have these trainings.
Courts might. I thought it was a liability thing when your customers are trying to sue you for gross negligence in the data loss.
Maybe it is, and I know capitalism isn’t big on forethought, but wouldn’t it be better to not do a negligence in the first place?
Though I guess capitalism is kinda like electricity in that way; it’s not about the best path it’s about the most convenient path.