After several years of running phishing programs and working with other organization's on theirs, I'm starting to notice a trend. Sooner or later everyone falls victim to a phishing assessment. Heck, even I fell victim to a phishing assessment once, and it was my own assessment (happy to share that story, but the price is … Continue reading Failing a Phishing Test - Rite of Passage
One of the ideas I pulled from John Kotter's book Leading Change was a suggestion on Human Resources. Have your HR team align performance evaluations, compensation, or promotions based on peoples' security behaviors. This does two things. First, it increases motivation because people see an actual, tangible gain by changing their behaviors. But even more … Continue reading Aligning HR With Secure Behaviors
I just finished the excellent book Switch: How to Change Things When Change is Hardby Chip and Dan Heath. Similar to John Kotter's book Leading Change this book is ultimately about changing behavior. While Kotter's book is strategic and focuses on change in large organizations, Switch is more tactical and at the individual or small … Continue reading Book Review - Switch: How to Change Things When Change is Hard
Folks, I'm excited to announce that SANS MGT433 (Building a High-Impact Awareness Program) is coming to Canberra, Australia 18/19 March next year. This will be the first time this intense two-day class has ever been taught below the equator. If you are Down Under and your organization is building a new security awareness program … Continue reading Coming to Australia - Building High-Impact Awareness Programs - A Two Day Course
December's OUCH! is out. For this month's security awareness newsletter we decided to cover Anti-Virus. Guest Editor and malware expect Jacob Williams walks you through exactly what anti-virus is, how it works and most importantly its limitations. Ultimately our goal is for people to understand that while anti-virus is an important part of your … Continue reading OUCH is Out - What is Anti-Virus?