7 Reasons Why Spotting a Phishing Email is Just the Beginning

In most organizations, a user who can identify and delete phishing emails is considered a huge asset.

Getting Past Gotcha: Reframing Anti-Phishing Training

If you’ve been following our blog for a while, you’ll already be aware of our stance on anti-phishing training.

How To Really Change User Email Behaviors (It’s Not About Education)

It’s not exactly a secret that most security awareness training programs are… less than effective.
Something about the 12-month gap between sessions, decade-old content, and total lack of user engagement seems to limit the potential fo…

Healthcare Security Awareness Training: Don’t Fear Failure, Learn From It

The past few years have seen an explosion of cyber attack activity in the healthcare industry.

But that shouldn’t come as a surprise. Healthcare records are a goldmine for enterprising hackers, and with low security budgets across the industry it’s no wonder that healthcare organizations are considered a soft target.

A cursory glance at the industry’s security profile tells us everything we need to know. There are weaknesses everywhere, and hackers all over the world know it.

Incredibly, from a single successful healthcare breach, a hacker stands to earn anything from $285,000 to $1.7 million.


Why Your Security Awareness Training Isn’t Working and What to Do Instead

At this point, everybody knows phishing is a threat.

But then, it’s difficult to deny. As Verizon points out, over 90 percent of data breaches include a phishing or social engineering component, including many of the high-profile breaches we all read about each week.

In fact, from a security perspective, phishing is the single greatest threat to most organizations, whether they’re tiny family-owned businesses or huge multinational conglomerates.

So what are most organizations doing to defend against phishing?


How to Strengthen Your Human Firewall

When it comes to security, it pays to be completely honest with yourself. After all, you may be able to hide weaknesses in your network from yourself, but that won’t stop threat actors from finding them.

If you are totally honest with yourself, you’ll realize there’s no way to completely shield your users from attacks.

You can tighten your spam filter, keep a watchful eye on user permissions, and buy in the best endpoint security package you can afford… but still, some attacks will make it through. And if your users are like most people, right now they aren’t even close to being ready to cope with that. We explored this previously in Why Some Phishing Emails Will Always Get Through Your Spam Filter.

We believe people can be the last line of your network defense – and do a damn good job of it – but first they have to be trained.

Here are a few ideas to get you started.


Why Some Phishing Emails Will Always Get Through Your Spam Filter

Frustrating, isn’t it?

It seems like no matter what you do, a few phishing emails always find their way into your users’ inboxes. You’ve tweaked your spam filter, and you’re scanning every attachment… But nothing seems to work.

Is it you? Are you making some glaring mistake?

Probably not. We’ve discussed before why your users keep falling for phishing scams, and there’s more to it.

The fact is that no matter how good your security, a small percentage of phishing emails will always reach your users’ inboxes.


Hitting Back Against Security Awareness Training Nay Sayers

There’s a lot of talk in the security industry about the effectiveness of security awareness training for employees. Some highly respected members of the community have repeatedly asserted that it’s a total waste of money, and this sentiment seems to have picked up some momentum in recent years. 

In our last post we discussed human vulnerability in Why Your Users Keep Falling for Phishing Scams. People generally assume anything that makes its way into their inbox is a legitimate attempt to contact them. Just because security professionals see a shady email and think ‘phishing’, doesn’t mean everybody else does, too.

The argument against security awareness training goes that since normal users have no responsibility for network security, and they don’t understand the implications of their actions, it should be down to IT to create an environment in which one can’t harm the organization.

But we disagree.

The fact is that while that is a good target to aim for, it isn’t possible right now, and probably never will be.


Why Your Users Keep Falling for Phishing Scams


We’ve all been there. That awful moment, when you realize it’s happened again.

“Why do they never learn?” You ask yourself. “It really isn’t that hard!”

Time and time again, your users click on malicious links and attachments in phishing emails, and it seems like no matter what you do to improve their awareness, it never gets any better.

So why do they keep falling for phishing scams? Is it just complacency? Or something more?
