I'm a huge fan of phishing assessments, not only are they a great way to measure the impact of your program, but a powerful way to reinforce key behaviors. However as with any tool, you have to use it correctly. A common challenge with phishing assessments is how targeted should you make the emails? Make … Continue reading Phishing Assessments - How Targeted Should It Be?
One of the most exciting areas for me in the world of security awareness is metrics, we are getting better and better at measuring change in human behavior. One of the most common methods is phishing assessments, as not only are they easy to do but they address one of the most common human … Continue reading The Bad Karma of Releasing Names
In February of this year we released some initial research highlighting what we believe to be the Top 7 Human Risks. By top human risks, we mean the human risks that are the most commonly shared amongst most organizations, this is where many security awareness programs should start. The new iPhone/iOS release by Apple addresses … Continue reading New iPhone Addresses 2 of top 7 Human Risks
Sometimes I'm asked the question why should an organization continue to pursue their awareness training year after year. After all, once people are trained isn't that good enough? Unfortunately no, in so many ways. Think about it, if you kept your computers locked down and secure for just one year, could you stop securing them … Continue reading Why Just One Year Just Isn't Enough
Over the weekend I got a chance to download and play with Apple's new iOS7. From a security perspective, the feature I have seen receive the most attention is the iPhone/iOS's new fingerprint biometric support. However, there is something else that I feel is important that has NOT received the attention it deserves. iOS7 now … Continue reading Auto-updating on iOS7 / Maverick