Some civilians do own
I know there are still a small percentage of people out there that still click on every email link they get, but I would hope that phishing is a dying art and not much would ever come of this. I know that most of the people I supported would not be this amazingly stupid, nor would many in the entire company.
If you work in an IT capacity, I suggest you rethink architecting your security profile based on trusting users not to click on links sending them to websites hosting malicious exploit code.
You might have the smartest CS graduates working in your organization. Each one of them has a computer-inexperienced relative who's had their email compromised in one way or another. From those compromised email accounts, messages are sent to your coworkers that can contain solicitations to view content hosted on a remote website. The possibility of your teammates following those links is especially high. Once the exploit code has hit the desktop OS, it's inside your network. If you have vulnerable routers, the attackers can use the beachhead of the first compromised desktop machine to change the DNS settings on the network router. Now, every single user in the organization is vulnerable to being redirected from "www.google.com" to "www.exploitsite.com" while they still only see the friendly Google search page in their browsers when they try to do a search.
Don't trust the end users. They're the weakest member of your corporate security.
As a result of this and a number of other confidential issues I don't trust Mega anymore. I don't think your data is safe on Mega anymore.
If his implementation of Mega was dependent on the 'trustworthiness' of the operators, then it was never truly encrypted. Nor should we expect his next iteration of cloud filesharing to be fully encrypted.
What are all those scientists, engineers and business experts at a huge multinational corporation thinking?
Probably they're thinking, "I really like this paycheck. The product we're developing has no chance of gaining traction in the marketplace, but that's my boss' fault for coming up with this idea in the first place."
Do you really think those people are going to argue with management that they shouldn't have a job developing this concept?
They are to explain the reasoning behind the code.
This is a huge purpose for comments. Also, maybe I can interpret the code perfectly well without comments. How well can I depend on everyone else who is modifying the code to be able to interpret it properly?
Well-documented code helps protect it from the introduction of bugs by later contributors.
anything else i can do?
Modify the sshd config to listen on a non-standard port. It will greatly diminish the log traffic you'll see of failed attempts. This could be important if you're using fail2ban as well and don't want your iptables to bloat unreasonably.
Stay away from configuring port-knocking. It becomes a real PITA when you want to scp a file at the spur of the moment.
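An added example of the two changes the comment above recommends, not code from the commenter: a shell script that writes an sshd drop-in moving the listener to a non-standard port, writes a matching fail2ban jail stanza so the ban rule targets that port, and runs the same "failed attempts per source IP" count fail2ban's sshd filter performs over a constructed auth.log sample. It assumes an OpenSSH with `Include /etc/ssh/sshd_config.d/*.conf` and a fail2ban that reads `/etc/fail2ban/jail.d/*.local`; the files are written to `$OUT_DIR` (a temp directory by default) so the script runs without root, and the log lines and addresses are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not the commenter's code). Assumed layout:
#   sshd:     /etc/ssh/sshd_config.d/10-port.conf  (needs an Include directive)
#   fail2ban: /etc/fail2ban/jail.d/sshd.local
# Both files are written under $OUT_DIR here so this can run unprivileged.
set -eu

OUT_DIR="${OUT_DIR:-$(mktemp -d)}"

# valid_port PORT: true only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# sshd_dropin PORT: write the drop-in that changes the listening port and
# print its path. Restart sshd afterwards and open the port in the firewall
# BEFORE closing 22, or the next login attempt locks you out.
sshd_dropin() {
    port="$1"
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    f="$OUT_DIR/10-port.conf"
    printf 'Port %s\n' "$port" > "$f"
    echo "$f"
}

# fail2ban_jail PORT: the sshd jail still parses the same log, but the ban
# action only blocks the port named here, so it must follow the sshd change.
fail2ban_jail() {
    port="$1"
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    f="$OUT_DIR/sshd.local"
    printf '[sshd]\nenabled = true\nport = %s\nmaxretry = 3\nbantime = 3600\n' "$port" > "$f"
    echo "$f"
}

# Constructed auth.log sample; addresses are documentation ranges, not real hosts.
SAMPLE_LOG='Jan 10 03:14:07 host sshd[1234]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan 10 03:14:09 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Jan 10 03:14:10 host sshd[1240]: Accepted publickey for alice from 198.51.100.7 port 40000 ssh2
Jan 10 03:14:12 host sshd[1241]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jan 10 03:15:00 host sshd[1250]: Failed password for root from 192.0.2.9 port 33000 ssh2'

# offenders LOG MAXRETRY: print, sorted, every source IP with at least
# MAXRETRY "Failed password" lines. This is the count that drives a ban and,
# on port 22, the count that grows the iptables chain the comment warns about.
offenders() {
    printf '%s\n' "$1" | awk -v max="$2" '
        /Failed password/ { for (i = 1; i <= NF; i++) if ($i == "from") n[$(i+1)]++ }
        END { for (ip in n) if (n[ip] >= max) print ip }' | sort
}

# demo: generate both files for port 2222 and list who would be banned at maxretry 3.
demo() {
    sshd_dropin 2222
    fail2ban_jail 2222
    offenders "$SAMPLE_LOG" 3
}
# Usage: OUT_DIR=/tmp/out sh this_script.sh && demo
```

Moving the port cuts the noise from untargeted scanners that only try 22; it does nothing against an attacker who has already port-scanned the host, so it is a log-hygiene measure rather than access control, which is the limited claim the comment makes.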
You're talking about a profession that in many cases has either no training or dubious training.
This is a field that requires a masters degree and certification.
You're probably thinking of faith-based social organizations that attempt to provide counseling services. Those agencies do not provide effective treatment for the ailments you mentioned. At best they might be able to provide some marriage counseling assistance.
"Don't tell me I'm burning the candle at both ends -- tell me where to get more wax!!"