We were wrong. Humans are NOT “security assets”. First, the industry referred to people as the “weakest link” in cybersecurity. Because you know how those pesky things click on every link they’re sent. Then they became the “strongest asset” because the industry...
Here’s the thing. Your cybersecurity goals are very noble. You know the risks you want to avoid, and that’s great. Except it could all count for nothing. If you’re a security awareness professional, don’t quit your job just yet. We want to get you on your way to...
Enabling auto-updates is more complicated than you think Last week, our CEO recommended a few ways to influence long-term security behaviors. This week, we’re jumping into auto-updates. “Change is the only constant.” That’s certainly true as far as IT is concerned....
Just because your security awareness training is ‘engaging’ doesn’t mean it works Creative, funny, and wildly engaging security awareness training doesn’t lead to lasting behavior change. What it does is make people say, “I really enjoyed your training and...
It’s time you learnt your lesson about security behaviors Assign all the traditional security awareness training you want. Your people will probably attend every session and tick all the right boxes, but their security behaviors won’t change. But that doesn’t mean...
In last week’s Behave Series blog, we explored phishing simulations, and how to put them to work in your organization. This week, we’re staging an intervention. Because you’ve just got to stop revealing so much of yourself to Internet strangers. Oh, and, we’re...