A couple of years ago, I wrote a blog post discussing how employee engagement is more about leadership than free coffee mugs and prizes. Debbie Laskey has posted a great selection of ideas for engaging employees in the workforce. Some will apply to security awareness … some won’t. But well…
Continue Reading: Some More About Employee Engagement

The U.S. Department of Education today released a new guide to laws and rules colleges must follow to ensure e-reading devices and other emerging technologies are accessible to all students. It focuses on students with vision problems, a group whose access issues have triggered official complaints against colleges. The document, in the…
Continue Reading: Education Department Clarifies E-Reader Accessibility Rules

Far too many security awareness training programs start with a series of horror stories about hackers and identity theft, lost money and damaged reputations, privacy breaches and deleted computer files. Before long, the average student starts to tune out – after all, if it’s that bad out there, there’s not…
Continue Reading: Security Awareness and Climate Change – Scaring People is Not the Right Approach

Over the years, I’ve heard a lot about how important it is to ‘engage’ staff in information security, but very little about how to do this in practice. And what little advice I see seems to be limited to providing giveaways and trinkets. Surely, there has to be more than…
Continue Reading: Engaging Your Staff in Security Requires Leadership – Not Free Coffee Mugs

If you’re planning your online security awareness training content development strategy, don’t forget PowerPoint. Much maligned as a web-based training tool, it should still have a place in your toolkit for when you need to develop quick and simple training materials – perhaps when you have an urgent message to…
Continue Reading: Don’t Forget PowerPoint for Your Security Awareness Training

Here’s a blog post by Simon Herring of Ubersecure which describes how (during an authorized penetration test) he was able to “persuade” a helpdesk agent of a large company to reset his password by pretending to be a salesman in a panic. Once the password had been reset, he was…
Continue Reading: Don’t Let Your Helpdesk Help the Wrong People!

I’ve seen a number of security awareness training programs run into problems when the designers of the program didn’t take into account the limited time that students have. Here are some things to think about when planning your program.

You have the right subject matter, and a sound plan for presenting your materials. But, like it or not, cost is a major consideration when putting a security awareness training program in place. Initial price is often the thing people focus on most, but it’s seldom what causes a program…
Continue Reading: Too Expensive – 5 Reasons Why Security Awareness Training Programs Fail – Part 3

It’s that time of year again – when fraudulent and nuisance emails, and online hoaxes and scams start making the rounds even more quickly than usual. Sophos has posted a warning about one such hoax spreading rapidly on Facebook where users are warning each other about a “Christmas Tree” virus…
Continue Reading: ‘Tis the Season for … Hoaxes and Scams