Security Awareness Blog: Category - Security Awareness Planning

Awareness Training for Those Marketing Folks

One of the challenges with awareness training is no single set of training will address all of your organization's needs. While almost all employees share some common human risks (email, social media, passwords, etc) there are specific roles that require additional or specialized training. One example is IT Staff, because of their privileged access they … Continue reading Awareness Training for Those Marketing Folks


Malware Posing as OUCH! Newsletter

We learned over the weekend that there is an infected PDF file posing as the July OUCH! security awareness newsletter (thanks to @botherder for original notification). You can find the analysis of the PDF file at the Malwr website. While we have not found this in the wild yet, we wanted to warn the community. … Continue reading Malware Posing as OUCH! Newsletter


Guest Post: I Have Seen the Future, We Still Need Awareness

Editor's Note: This guest blog post is from John Andrew at Honeywell. In my last ''Securing the Human' blog, we looked at the need to persuade key decision makers - encouraging them to go beyond a ''Check the Box' Security Awareness mentality. We looked at the wildly successful ''Smokey the Bear' awareness campaign, and discussed … Continue reading Guest Post: I Have Seen the Future, We Still Need Awareness


July OUCH! Newsletter - Spear Phishing

This month's edition of the OUCH! security awareness newsletter is out, for July we discuss Spear Phishing. We choose spear phishing as our topic because it is becoming more and more common, we felt it important that people understand the concept and term. In addition, we wanted people to understand how to protect themselves, and … Continue reading July OUCH! Newsletter - Spear Phishing


Do Phishing Assessments Desensitize Employees?

A question I am commonly asked about Phishing Asssesments is do they desensitize employees? Do employees beging to treat phishing (both real attacks and simulated attacks) as a frivolous game, ultimately exposing the organization to more risk, not less? Based on my experience I would have to say a resounding no. To be honest, if … Continue reading Do Phishing Assessments Desensitize Employees?