A common misconception about security awareness is that creating content is simple. Just pick some random topics, communicate those random topics, and you are done. To be dead honest, that works for compliance. However, to effectively reduce human risk, you have to first identify the greatest human risks to your organization and focus on just … Continue reading The Challenge of Keeping It Short
Folks, yesterday we did a live webcast for Europe on how to build, maintain and measure a high-impact security awareness program. The webcast was based on the Securing The Human talks I do at SANS events, but with a focus on European challenges (such as privacy issues, translations, etc.). I even attempt to pronounce … Continue reading Webcast on Building Awareness Programs - For Europe
I'm a huge fan of phishing assessments: not only are they a great way to measure the impact of your program, but they are also a powerful way to reinforce key behaviors. However, as with any tool, you have to use it correctly. A common challenge with phishing assessments is how targeted should you make the emails? Make … Continue reading Phishing Assessments - How Targeted Should It Be?
One of the most exciting areas for me in the world of security awareness is metrics; we are getting better and better at measuring change in human behavior. One of the most common methods is phishing assessments, as not only are they easy to do but they address one of the most common human … Continue reading The Bad Karma of Releasing Names
In February of this year we released some initial research highlighting what we believe to be the Top 7 Human Risks. By top human risks, we mean the human risks that are the most commonly shared amongst most organizations; this is where many security awareness programs should start. The new iPhone/iOS release by Apple addresses … Continue reading New iPhone Addresses 2 of top 7 Human Risks