Scott's Latest Human Cyber Security Insights for Jan 09, 2024

Happy New Year, Cyber Defenders!

Here are my latest cybersecurity tips and stories to start your year off right. In this edition I cover:

  • Reminding employees of Acceptable Use Policy requirements
  • Texas school district loses USD $700,000 to phishing scam
  • Today is the FIRST Live Cyber Security Awareness Forum session of 2024!
  • Click Armor YouTube "shorts" for CISO Security Awareness and CSAF clips
  • Rottenphish: Is the first day back at work too early for a test?

Stay informed about the latest developments and learn proactive measures to safeguard your digital assets and security culture.

NOTE: Security managers may use the stories published here, and in the Click Armor blog, as content for your internal newsletters and communications. All we ask is that you please include attribution to "Click Armor at www.clickarmor.ca".

1. Tip of the Week: Use interactive reminders for Acceptable Use Policy requirements

Employees quickly forget the rules about working securely if they don’t get any reminders. They also remember a lot better if those reminders are interactive; things that engage them to act.

So, if you don’t want employees to be Googling "What should I do if I think I have a virus on my computer?"... then you need to make time in your awareness training program for employees to review the basics.

But if people think the reinforcement training is just the same set of videos they watched last year about things like not using gambling sites at work, they will likely find a way to avoid doing it; or they will start the training, set it on play and go have a coffee.

This routine does not change behavior, nor does it build a strong security culture. You need people to understand that they can be a target, and that they need to use approved tools, and follow approved procedures.

Employees will also respond more positively when you can engage them with interactive reminders. (Ask me how Click Armor can do this affordably and easily.)

2. Cybersecurity news story - Texas school district loses USD $700,000 in phishing scam

Vendor payment scams are still a huge problem, as illustrated in October of 2023 when a Texas school district inadvertently paid $700,000 to an unauthorized party as part of a high school expansion construction project. It appears that an attacker impersonated a supplier on the project.

I believe we'll see this type of attack evolving and spreading in the future, to target more roles in organizations that have access to sensitive assets or business systems.

3. The FIRST Live Cyber Security Awareness Forum of 2024!

When employees take it upon themselves to use "apparently free" tools or websites, they can be putting the organization at risk.

This takes us into the realm of "Acceptable Use Policies" that limit what employees are permitted to access from business systems.

Our first Live Cyber Security Awareness Forum session for 2024 will be on "The problem of employees using FREE stuff from the Internet".

Join our live panelists and audience attendees today with your stories, lessons learned and questions.

Sign up HERE!

Our bi-weekly Live CSAF sessions are free, and are jam-packed with value for security managers and anyone interested in security from an employee awareness and training perspective.

You can also join the CSAF community to get notifications for future panel discussions and other resources HERE.

4. Click Armor YouTube "Shorts"

Did you know that our Click Armor YouTube channel now has a growing set of 1-minute video "shorts" with my CISO Security Awareness tips and clips from our CSAF panel sessions (in addition to all our recorded full CSAF sessions)?

Check it out HERE.

5. Rottenphish: Learning to improve phishing education methods from published posts...

Just because anything is fair game to a criminal, that doesn't mean employers should use "every" dirty tactic in the book.

If you are going to use live phishing simulations, it can be more productive to use less "gotcha" tactics with employees, at least until everyone is on board.

You can start by using more obvious tests at less annoying times, so they get used to the process of spotting and reporting suspicious messages without becoming flooded with negative emotions.

A more positive approach will be more likely to build trust and cooperation among employees.

Attribution: These tweets are located courtesy of Mark Henderson's feed on LinkedIn with a hashtag of #badpenny.


Start remediating your known security vulnerabilities with Click Armor...

Click Armor is the interactive security awareness platform that enables fast and easy remediation of cyber security awareness issues. It engages employees, unlike anything you've seen before, to learn, retain knowledge and improve skills.

Remediation requires engagement. If employees aren't engaged, they won't learn, and will remain vulnerable.

After 15 years of teaching security awareness, including running large scale "phishing tests" on my customers' employees, and seeing how people will use any excuse to "disengage" with awareness training, I decided to create Click Armor.

The Click Armor platform is purpose-built to make gamified training and remediation more effective, faster and easier. It uses interactive exercises and simulations to build a more resilient workforce through a more positive user experience.

Employees can be a valuable part of every organization's security awareness program. (NOTE: It doesn't help with engagement to say that "people are the weakest link")... But they need a different way of learning and practicing how to spot cyberthreats.

Find out how you can get more employees through compliance training faster, strengthen your organization's security culture, and help your employees more effectively avoid phishing and social engineering attacks that target human vulnerabilities.

Visit the Click Armor website at: https://www.clickarmor.ca

Stay tuned for future issues of Human Cyber Security Insights, with news and tips for protecting your business against unexpected losses from cyberattacks.
