Bear with me, this is actually a computer security post. In Parentonomics, Joshua Gans cites an Australian study according to which doctors believed they washed their hands after going to the toilet 73% of the time. Close monitoring, however, revealed that this happened only 9% of the time. This in a pediatric intensive care unit!
This is a simple requirement: Wash your hands when leaving the toilet! One would expect that medical professionals, of all people, would actually follow it, not merely believe that they follow it.
So if the simplest measure, and one instructed to them from a very young age, cannot be followed through, how on earth are we supposed to make people read, understand and actually follow any security policy? How much simpler than “wash your hands” does it have to be?
Recently I heard the argument that “I do not mind using cracks and pirated software*, since I trust the source”. Oh really? I am sure they [the source] wash their hands every time too…
In the case of hospitals, the problem was solved using a kind of public embarrassment (screen savers showing the names of doctors who had not cleaned their hands). Or as Gans puts it, “Data plus shame equals trust”. However, I am sure that no legal framework can allow for the public embarrassment of any computer user. Nor does any administrator wish to make more enemies among their users than they already have.
[*] – Using cracked versions of software when the price is not right is not the way to go. If you want to punish the vendor, quit using their product and stop advertising it by using it.