Scott's Human Cyber Security Insights for June 1, 2024

Hello, Data Defenders! Welcome to this week's newsletter on Human Cyber Security Insights. This week we'll be discussing:

- Balancing people, processes and technology in your security awareness program

- Healthcare cyber attack on the US's largest non-profit provider

- FREE WEBINAR ON WED, JUNE 5: Back FROM the Future

- CSAF Recording: The Keepers of the Keys to the Kingdom: Training IT Teams on Cybersecurity

- Q1 2024 CISO Report on Security Awareness and Human Risk Management

- Employees fail phishing tests because they zone out during training

1) Tip of the Week: Balancing people, processes and technology in your security awareness program

It's impossible to over-emphasize the importance of keeping people, process and technology in balance, and in context for cyber security. Here's how I advise people to think about this mix of investment in security...

- Technology: It's a no-brainer to maximize the use of appropriate and reliable technology, to make sure technical risks are minimized in a consistent and scalable way.

- People: Businesses always need people to securely manage the inputs, outputs, configuration and exceptions of the technologies (including the security technologies) the business relies upon.

- Process: There needs to be a set of rules for configuring technology securely, and for employees to work securely when they handle information and systems.

Many businesses that experience breaches realize that they lacked a balance in one of these key areas. Keeping a balance of investment in these three security program pillars can help build a strong and healthy security program and reduce the likelihood of a breach at your organization.

2) Cyber Security in the News: Healthcare cyber attack on the US's largest non-profit provider

Still recovering from the Change Healthcare cyber attack, the US healthcare industry is reeling yet again following an attack on the largest non-profit healthcare system, Ascension.

Why the concerning pattern of healthcare targets? Healthcare providers typically keep highly personal data on hand, such as SIN numbers, financial information and health background, that can easily be sold on the dark web, and they are often not able to maintain a balance of security investments in people, process and technology. Find out more about the most recent attack HERE.

3) FREE WEBINAR WED, JUNE 5th: Back FROM the Future

This special joint webinar, sponsored by Click Armor and Conceal, will examine several recent security breaches and, as if we could go back in time, look at the key factors in those breaches and what could have been done to prevent them.

You won't want to miss this session on Wednesday, June 5 at 2pm ET. Register HERE.

Invite your favorite CISO, SOC Manager, Security Awareness Manager, IT Security Manager or MSP!


4) CSAF Recording: The Keepers of the Keys to the Kingdom: Training IT Teams on Cybersecurity

This week, Chris Ellis of Circadence joined our Live Cyber Security Awareness Forum panel session to explore the differences between security awareness training for general staff and cyber security training for IT teams.


5) Q1 2024 CISO Report

In case you missed it earlier this month, we published the Q1 2024 CISO Report on Security Awareness and Human Risk Management covering:

- Free Internet Downloads

- Exercising vs. Testing Employee Cybersecurity Skills

- Data Protection

- How Much Automation is Right for Your Security Awareness Program?

- Cyber and Physical Security

- Revisiting Deep Fakes

You can download the report for free HERE (no strings attached, no email sign-ups needed).

6) Employees fail phishing tests because they zone out during training

Cyber security training won't help if it's not engaging, and employees "zone out" when they take it. Neither will the remediation training for employees who click on links in phishing tests. Or the next remediation training... Or the next.

This employee joked on X about falling for phishing tests because she zones out during every training module. If your employees are completely unengaged every time they do training, your content is not engaging enough and your employees will never learn.

You can't expect your team members' behaviour to change if you keep using the same boring training in response to their failed phishing tests.

Give them the tools they need to succeed by providing engaging and interactive training. By allowing them to actively participate and receive immediate feedback, it's much more likely they will:

  1. Understand the guidance in the training modules
  2. Retain the knowledge gained from interactive exercises
  3. Be ready to face the next phishing test because they had a chance to practice on several realistic phishing threats in immersive simulations


Screenshot from @AleyahMariee on X

About Click Armor...

When the only tools you have to build a security awareness program are static eLearning content and live phishing simulations, every employee looks like a target...

The Click Armor platform is purpose-built to be the right tool to fill the gaps that exist in cybersecurity training today. It uses interactive, immersive exercises and simulations to build a more resilient workforce through a more positive user experience and metrics.

Start using the right training tools to move your program from low-value, low-assurance, compliance-based training to be more focused on "human risk management". With targeted, role-based guidance using Click Armor's engaging, interactive content, you can also enable more effective remediation of your known employee security vulnerabilities, while building more confidence and proficiency.

Engagement enables better learning

Click Armor is the interactive security awareness platform that enables fast and easy remediation of cyber security awareness issues. It engages employees, unlike anything you've seen before, to learn, retain knowledge and improve resilience to attacks.

Remediation requires engagement. If employees aren't engaged, they won't learn, and will remain vulnerable.

Why is it more effective?

After 15 years of teaching security awareness, including running large scale live "phishing tests" on my customers' employees, I observed how people will use any excuse to "disengage" with awareness training. So, I created Click Armor to keep employees focused on learning, with a more rewarding and relevant experience.

Imagine how your security culture could be improved if YOU (or one of your team's top executives) could be the central character in your interactive security awareness training experience?

Find out how you can get more employees through compliance training faster, strengthen your organization's security culture, and help your employees more effectively avoid phishing and social engineering attacks that target human vulnerabilities.

Make sure you are using the right tools to build a strong, positive and inclusive security culture.

If you'd like to experience the power of interactive security awareness training, try our short, immersive "self-assessment" called "Can I Be Phished?"

For a quick overview of Click Armor, check out this narrated video HERE.

