One of the most exciting areas for me in the world of security awareness is metrics; we are getting better and better at measuring change in human behavior. One of the most common methods is phishing assessments, as not only are they easy to do but they address one of the most common human … Continue reading The Bad Karma of Releasing Names
In February of this year we released some initial research highlighting what we believe to be the Top 7 Human Risks. By top human risks, we mean the human risks that are the most commonly shared amongst most organizations; this is where many security awareness programs should start. The new iPhone/iOS release by Apple addresses … Continue reading New iPhone Addresses 2 of top 7 Human Risks
Sometimes I'm asked why an organization should continue to pursue its awareness training year after year. After all, once people are trained, isn't that good enough? Unfortunately no, in so many ways. Think about it: if you kept your computers locked down and secure for just one year, could you stop securing them … Continue reading Why Just One Year Just Isn't Enough
Over the weekend I got a chance to download and play with Apple's new iOS7. From a security perspective, the feature I have seen receive the most attention is the iPhone/iOS's new fingerprint biometric support. However, there is something else that I feel is important that has NOT received the attention it deserves. iOS7 now … Continue reading Auto-updating on iOS7 / Maverick
In the past two weeks I've taught three different security seminars at three different organizations, each time for their security staff. A common trend I'm seeing, one that continues to surprise me and was confirmed at all three events, is that most employees still do not realize they are a target. I thought with all … Continue reading Who, Me?