Blog
The CybSafe blog is a collection of stories, updates and guidance for people-centric security professionals.
How to strengthen your cybersecurity with user research
People-centric cybersecurity isn’t just another industry buzzword. In fact, it should be one of your management goals. Here’s how to get started.
Security awareness is dead: 4 things holding your organization back
Security awareness isn’t everything. It’s taken the industry a long time to admit it. And it’ll take most organizations a long time to accept it. Don’t let yours be one of them.
How to make data backups a regular part of everyone’s day
A strong backup game can be the difference between success and bankruptcy. And behavioral research holds the key.
Achievement unlocked: How behavioral science transforms device security
People lock their houses, their cars, and even their sheds full of worthless junk. So why don’t they lock their devices?
Why people are so attached to their dirty password habits
Today’s security training needs to look beyond people’s behavior. Read on to find out how you can ensure your employees are aware of information security risks.
Survey says: RIP traditional security awareness and training
Today’s security training needs to look beyond people’s behavior. Read on to find out how you can ensure your employees are aware of information security risks.
Stealing your company’s data is a piece of cake
VPNs are hardworking guardians of private data. Why are they still a mystery to so many people?
We need to stop referring to humans as security “assets”
We were wrong. Humans are NOT “security assets”.First, the industry referred to people as the “weakest link” in cybersecurity. Because you know how those pesky things click on every link they’re sent. Then they became the “strongest asset” because the industry...
Your cyber security goals are worthless. There, we said it
Cybersecurity is about so much more than goals and awareness. Our latest webinar helps you actually reduce your human risk.
Why are your people still snoozing updates?
It’s as simple as it is effective, and it could save your organization millions. So, why won’t everyone on the team enable auto-updates?
10 ways to influence long-term security behaviors
Just because your security awareness training is ‘engaging’ doesn’t mean it works Creative, funny, and wildly engaging security awareness training doesn’t lead to lasting behavior change. What it does is make people say, “I really enjoyed your training and...
A lesson on security behaviors
It’s time you learnt your lesson about security behaviors Assign all the traditional security awareness training you want. Your people will probably attend every session and tick all the right boxes, but their security behaviors won’t change. But that doesn’t mean...
It’s time to stop exposing yourself online
In last week’s Behave Series blog, we explored phishing simulations, and how to put them to work in your organization.This week, we’re staging an intervention. Because you've just got to stop revealing so much of yourself to Internet strangers. Oh, and, we’re talking...
Goodbye, security awareness training!
It’s time to pull the plug on traditional security awareness training We know it’s hard to let go. But this is getting out of hand. Traditional security awareness training has been on its deathbed for so long now that our eyes water whenever we get a whiff of...
How to get phishing simulations right
As part of our Behave Series last week, we talked about multi-factor authentication (MFA), and how to encourage your people to adopt it.This week, we’re diving into phishing simulations. They’re particularly useful for finding and filling the security cracks in your...
Spotlight: Have you got the multi-factor?
Last week in our Behave Series blog we looked at passwords. This week we’re turning it up to 11. This week, we’re talking about multi-factor authentication (MFA). Multi-factor authentication. It’s the unsung hero of cybersecurity. It’s thwarted many a cybercriminal....
Spotlight: Creating a passphrase ruleset
This week we’re focusing on passwords. We know you’re no stranger to these, and neither are your workforce. But familiarity isn’t helpful here. In fact, it’s a criminal’s best friend. Everyone in your business will have at least three or four passwords in their...
Phishing webinar hot take: Insurance executives need to get it together
Look, anyone can be phished. Yes, even the executives in their fancy suits. But that’s not what we’re here to talk about. We’re here to talk about some of the reasons why phishing risk isn’t being properly managed. And yes, that means we’re calling out the higher ups...
10 key topics to cover in cyber security awareness training
The scope of cyber security awareness training continues to increase. While the below list of cyber security awareness topics to include in awareness training is far from exhaustive, each should be a foundational pillar of security awareness campaigns and security...
You’ve been doing phishing simulations wrong all along
You might want to sit down for this one. If you haven’t been phished, then you probably think your phishing simulations are working. If you have been phished, then you probably think your new simulations are working and that it won’t happen again. And those are pretty...
Legal webinar recap: 3 hard truths we learned about lawyers
The legal sector is an untapped data resource. Whether your goal is to keep it that way or to take advantage of it, you’re going to want to read this.