One of the great things about awareness training is that staff not only become more aware and prevent incidents, they also start reporting attacks; they become human sensors. Today I got just such an email from an employee reporting a phishing attack. The email was all about clicking … Continue reading Symantec, How Could You?
When it comes to securing the human, mobile devices are one of the top ten risks I'm seeing organizations most concerned about. It makes sense: mobile devices now have the same computing power (and risks) as your laptop. The only difference is mobile devices are easier to lose or have stolen. However, risks with … Continue reading When Mobile Devices Control Every Aspect of Your Life
A common misconception about security awareness is that creating content is simple. Just pick some random topics, communicate those random topics, and you are done. To be dead honest, that works for compliance. However, to effectively reduce human risk, you have to first identify the greatest human risks to your organization and focus on just … Continue reading The Challenge of Keeping It Short
Folks, yesterday we did a live webcast for Europe on how to build, maintain and measure a high-impact security awareness program. The webcast was based on the Securing The Human talks I do at SANS events, but with a focus on European challenges (such as privacy issues, translations, etc). I even attempt to pronounce … Continue reading Webcast on Building Awareness Programs - For Europe
I'm a huge fan of phishing assessments: not only are they a great way to measure the impact of your program, but they are also a powerful way to reinforce key behaviors. However, as with any tool, you have to use it correctly. A common challenge with phishing assessments is how targeted you should make the emails. Make … Continue reading Phishing Assessments - How Targeted Should It Be?