Last time, we looked at how (fiendishly simple) virtual private networks (VPNs) thwart cyberthreats. Today, we’re talking about the human risk management OG: security awareness and training (SA&T). But this isn’t about your regular 20-year-old syllabus. No, no...
Would you like some data theft with your coffee? Last time, we explored auto-updates and why your people aren’t getting around to enabling them. This week’s topic is one that’s just as easily overlooked. It goes like this. Your new marketing guy, Dave, is...
We were wrong. Humans are NOT “security assets”. First, the industry referred to people as the “weakest link” in cybersecurity. Because you know how those pesky things click on every link they’re sent. Then they became the “strongest asset” because the industry...
Here’s the thing. Your cybersecurity goals are very noble. You know the risks you want to avoid, and that’s great. Except it could all count for nothing. If you’re a security awareness professional, don’t quit your job just yet. We want to get you on your way to...
Enabling auto-updates is more complicated than you think Last week, our CEO recommended a few ways to influence long-term security behaviors. This week, we’re jumping into auto-updates. “Change is the only constant.” That’s certainly true as far as IT is concerned....
Just because your security awareness training is ‘engaging’ doesn’t mean it works Creative, funny, and wildly engaging security awareness training doesn’t lead to lasting behavior change. What it does is make people say, “I really enjoyed your training and...
