One of the challenges with awareness training is that no single set of training will address all of your organization's needs. While almost all employees share some common human risks (email, social media, passwords, etc.), there are specific roles that require additional or specialized training. One example is IT Staff, because of their privileged access they … Continue reading Awareness Training for Those Marketing Folks
A question I am commonly asked about Phishing Assessments is: do they desensitize employees? Do employees begin to treat phishing (both real attacks and simulated attacks) as a frivolous game, ultimately exposing the organization to more risk, not less? Based on my experience I would have to say a resounding no. To be honest, if … Continue reading Do Phishing Assessments Desensitize Employees?
The June edition of the OUCH! security awareness newsletter is out. This month we focus on URL Shorteners and QR Codes. While these technologies are not what I would consider a high-priority risk (compared to some of the other human risks we see), what makes these technologies unique is that many people do not know … Continue reading June OUCH is Out
As many of you know, Verizon recently released their 2013 DBIR (Data Breach Investigations Report), which analyzes 621 known, documented breaches collected from 19 organizations. There is a huge wealth of information here, and if you have time, read it. You can download it from http://www.verizonenterprise.com/DBIR/2013/. There is a lot of humor injected, which makes … Continue reading DBIR Report - A Fascinating Human Perspective
Security awareness has gone through immense changes in the past two years. It has quickly grown from a compliance-driven, once-a-year dreaded event to an engaging solution focused on changing behaviors. Here are the top three indicators a program is truly a 'next generation' awareness program. 1. Behavior: The biggest indicator is the … Continue reading Top 3 Indicators of a Next Generation Awareness Program