Posts

Cybersecurity awareness programs aren't one size fits all

Have you ever purchased a canned cybersecurity awareness program? Have you ever found a cybersecurity awareness program that someone else built and rolled it out in your business? Did a long-gone employee set up your cybersecurity awareness program years ago, and it's been running on autopilot ever since? These situations seem like they might work, right? Having any cybersecurity awareness program is better than no cybersecurity awareness program, right? Well, I'm not so sure about that because cybersecurity awareness programs aren't one size fits all. They need to be built with purpose, which means they'll be unique. Is every program as unique as your thumbprint? Perhaps not, because some fundamental things happen in any business. But many extraordinary things are going on in your business that you need to address. The more you get to know your business and its operations, the more unique your program will be, and that's a good thing! With all that being said, I wa

Do you need more hours in the day?

Do you need more hours in the day? Answer these questions to find out:

• Do you feel like you're playing cybersecurity whack-a-mole?
• Are you overwhelmed by the volume of cybersecurity incidents that started with someone clicking on a link or opening a file?
• Are you routinely working 50 or 60 or more hours a week?
• Is your cybersecurity department understaffed?
• Has it been over a year since you reviewed your cybersecurity awareness program in detail?
• Do you want to start sending simulated phishing emails but find that there's just no time to start something new?

Here's how I can help you get more hours in your day. Let me manage your cybersecurity awareness program for you! From selecting training, sending phishing emails, newsletters, tips, assessments, and more, I'll build and run a cybersecurity awareness program built with purpose just for you.

Just need someone to plan and send simulated phishing emails? I can do that for you. I'll evaluate the current status of yo

I hate this word

Have you ever heard of the word Forensicator?

I hate this word.

I am not on trend by hating this word. It continues to gain popularity, and I’m seeing it more and more. Speakers and attendees introduce themselves as Forensicators at training and conferences I attend. I should be using this word, but I just can’t.

So what’s a Forensicator anyway?

It’s someone who works in computer forensics and digital investigations, so what I used to do in the FBI. Back in my day, my formal job title was Information Technology Specialist – Forensic Examiner. I’m glad I didn’t have the job title Forensicator. Heck, this word is so popular that SANS even has a Lethal Forensicator Challenge Coin. But, I’m still not going to use it.

I can’t use this word. It makes me cringe. It also makes me think of other words that I don’t like either. So I’m just not going to use this word.

What word makes you cringe? Drop a comment below and let me know. I’m compiling a cringe-worth

5 hot topics to include in your cybersecurity awareness program

You've heard me say this before, and I'm saying it again… your cybersecurity awareness program needs to be built with purpose. When you build your program with purpose, your program will be different from mine, Bill's, and Sally's. BUT… There are some topics that every cybersecurity awareness program needs to address, and I've got 5 HOT TOPICS YOU NEED TO INCLUDE IN YOUR PROGRAM

Building a culture of cybersecurity – it's YOUR responsibility
Cybersecurity isn't just my responsibility. It isn't everyone else's responsibility. It's YOUR responsibility. Each person in your business makes a difference, and everyone needs to be invested in creating and maintaining a secure environment, and it starts with culture.

Humans are the key to defending your business
Tell your humans that they matter to you and why they matter.

Social engineering
Tell your humans what social engineering is, why it's being used, and how it's being used against them

Why can't you resist clicking?

If you’ve been following me for a while you’ve heard about phishing, but have you ever wondered how the email was crafted? Perhaps you’ve been duped before and didn’t realize it until it was too late, because it felt like a Jedi mind trick.

I think we do a really good job of telling everyone to watch out for phishing emails, and not to click on them. But I think as an industry we fall short when it comes to sharing how those emails are crafted, why they’re so dang irresistible, and what they can do to reduce their risk of receiving those super slick emails.

To close this knowledge gap I now offer an on-demand video training class called “Social Engineering: The Art of the Click”

During this video training, you’ll learn
• What social engineering is
• How cybercriminals create an irresistible offer
• Why you want to click
• How cybercriminals come after you AND
• What you can do today to stop cybercriminals from preying on you

Learn the A

Keep cybersecurity awareness simple

Cybersecurity might be complicated, but does your cybersecurity awareness program have to be complicated as well? Nope, you can keep your cybersecurity awareness program simple. Here's an example.

Widgets R Us finally created an option for employees to share files securely outside the organization. The employees are excited, but here's what they find:

• They have to log in with yet another username and password
• The website is difficult to remember, and there are no links to it on the Intranet
• Once logged in, they have to follow a 20 step process to upload and share the file
• They can only share one file at a time, so they must repeat the 20 step process for each file
• They can only share with one person at a time, so the 20 step process must be repeated for each person they need to send the file to

Do you think your employees will complete 180 steps to send three files to 3 people??

This is what I mean by keeping it simple. Sometimes those of us who work in tech are shooting ourselves

Here’s to cheating, stealing, fighting, and drinking

I'd like to share this Irish toast with you in honor of St. Patrick's Day.

Here’s to cheating, stealing, fighting, and drinking.
If you cheat, may you cheat death.
If you steal, may you steal a woman’s heart.
If you fight, may you fight for a brother.
And if you drink, may you drink with me.

What are your St. Patrick's Day plans? Comment below - I need ideas!