A common mistake I often see organizations make with their security awareness program is failing to plan long term. Quite often organizations get caught up in the initial roll-out of their training, but forget to plan on updating their program at some point. It's key that you update your program at a minimum once … Continue reading Updating Your Awareness Training
Most security awareness training is focused on changing human behavior. People already know how to perform a specific skill; awareness simply teaches them how to perform it more securely, such as when using email. However, there are times when you need to teach people new skills. While not designed for awareness training, a new poster … Continue reading New Poster Helps Your IT Admins Become Human Sensors
Organizations around the world are beginning to address the human when securing their organization. The days of compliance-focused training alone are gone; we also need to effectively change behavior. To achieve that, you need the right person in charge. Below is an attempt to describe what the job description of a security awareness officer … Continue reading Job Description for Security Awareness Officer
During my human metrics talk at RSA last month, a common question was how to get support for an internal phishing program. Phishing assessments are a powerful metric: not only do they measure a high human risk, but they are also repeatable, quantifiable, actionable and low cost. This is why phishing has become one of the … Continue reading Getting Support and Approval for Phishing Assessments
I consistently find passwords one of the most challenging parts of any awareness program, as we have to teach people a patchwork of confusing rules. These rules can include: always use long, complex passwords, never share your passwords, use unique passwords for every account, never write your password down, be cautious of personal questions, and more. … Continue reading Why the 90 Day Rule for Password Changing?