How to Lay the Groundwork for Powerful Cybersecurity

Posted on February 14, 2017 by kellyk

There’s a tendency in the world of cybersecurity to skip over the foundations and move directly to technical solutions. 

Organizations allocate huge sums to threat intelligence or detailed security analytics without performing foundational security practices that help identify how to allocate resources.

To ensure this doesn’t happen to your organization, it is essential to lay the proper groundwork for your cybersecurity initiative.

Where It All Starts: IT GRC

For those who aren’t aware,

Read More...

Posted in Cybersecurity

How to Secure Your Organization against Cyber-Attacks (Even If You Have No Idea Where to Start)

Posted on January 19, 2017 by kellyk

With cyber-attacks reaching new heights year after year, organizations all over the world are starting to make security a top priority.

You are likely feeling the pressure to do something, but where should you start?

After all, there are so many security products on the market. From endpoint security and threat intelligence to multi-factor authentication and high-end training, the options seem limitless… and there’s no clear progression from start to finish.

In the coming weeks, we’ll be

Read More...

Posted in Cybersecurity, Information Security

How to Combat Phishing with Email Security Awareness Training

Posted on December 15, 2016 by kellyk

Let’s face it. Email is always a threat.

So, naturally, you do everything to keep your users (and your network) safe. Your preventative measures are constantly being tested and improved, but still, your users are faced with malicious emails in their inboxes every single day.

And it gets worse. According to recent reports, one in every five spear phishing emails sent results in an opened link or attachment. With zero-day exploits being discovered at roughly the rate of one per month, that

Read More...

Posted in Information Security, Security Awareness Training

Avoid a Security Training Rut

Posted on November 30, 2016 by kellyk

Stephen Wyles, Information Security Analyst

It’s easy to inadvertently create a rut when conducting any repetitive task. Just as is the case with all training, when it comes to security, it’s important to create and repeat training that keeps employees alert and aware of the latest tactics used by attackers to gain access to sensitive information, systems, and facilities. But why is this important? Why do your employees need security training? And why should you care about a training rut?

The

Read More...

Posted in Cybersecurity, Information Security, Security Awareness Training

How to Avoid Data Breaches with Mobile Security Awareness Training

Posted on November 21, 2016 by kellyk

Let’s face it. Mobile security is terrifying for system administrators.

Back in the old days, you always had the option of shutting down your network to prevent or limit the amount of damage.

You knew the physical location of every device, and the proverbial ‘big red switch’ could take every one of them offline.

But now…

Nearly every one of your employees has a company smartphone in their pocket. You can’t easily take them offline, you don’t know where they are, and who knows what they’re

Read More...

Posted in Information Security, Security Awareness Training

How to Keep Your Employees Safe with Social Media Security Training

Posted on October 20, 2016 by kellyk

When it comes to security awareness training, there don't tend to be too many surprises.

Most people know there are dangers associated with email, web browsing, and physical security.

But social media is a bit different.

Over the past decade, social media has revolutionized communication. People are connecting with forgotten friends, long lost family, and classmates from decades past.

So for most people, social media is no more than a tool for leisure and communication. They have no idea

Read More...

Posted in Information Security, Security Awareness Training, Social Engineering

Training Your Employees to Stay Safe on the Internet

Posted on October 4, 2016 by kellyk

Perhaps unsurprisingly, Internet security has taken a bit of a back seat in recent years.

With the rise of more direct attack vectors such as phishing, organizations seem to feel that the ‘old fashioned’ threat of malicious websites should be lower on their priority list. And that’s understandable… but not advisable.

In fact, with phishing getting all the headlines, it’s easy to forget that unsuspecting employees can easily introduce serious threats such as ransomware into your network just

Read More...

Posted in Information Security, Security Awareness Training

How to Change Employee Behaviors with Information Security Training

Posted on September 29, 2016 by kellyk

Losing sensitive information has never been a good idea.

But with data protection regulators all over the world starting to find their teeth, now is a really bad time.

Organizations are facing not only bad publicity and loss of business but also huge fines if they’re found to have been negligent in protecting data from theft or loss.

But unfortunately, from time to time, even senior staff members do ridiculous things with data. And whether it’s leaving company laptops in cafes, or

Read More...

Posted in Information Security, Security Awareness Training

Social Engineering Basics: How to Educate Your Staff

Posted on September 15, 2016 by kellyk

There’s nothing worse than being tricked.

Nearly every person in your organization likes to think of him or herself as solid, dependable, and professional. So imagine how they would feel if they realized they’d been totally taken in by a scam artist.

Now imagine that on top of being taken in, they’d allowed the scam artist to steal from or damage your organization.

That’s a bad day however you spin it.

Unfortunately, it’s also a reality. Social engineering tactics are more prevalent now

Read More...

Posted in Information Security, Security Awareness Training, Social Engineering

Designing Physical Security Awareness Training (That Won’t Be Forgotten in Five Minutes)

Posted on September 8, 2016 by kellyk

There’s nothing more embarrassing than a physical security breach.

Whether it’s a company laptop left in a car or files stolen from the office, a physical security breach is really bad news.

But how often is your staff reminded of their responsibilities? And how much thought went into the training?

We get it. There are so many other things to worry about that, a lot of the time, physical security awareness training is bumped right down to the bottom of the priority list.

But with data protection

Read More...

Posted in Information Security, Security Awareness Training