Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

View Topics

Roger Grimes

Recent Posts

How You Can Increase Employee Engagement with Security Awareness Training

Jun 24, 2020 12:37:10 PM By Roger Grimes
One of the most common questions I get asked working for a security awareness training company is, how do I make employees more engaged with and care about the training? I get it. Who ...
Continue Reading

Top 12 Most Common Rogue URL Tricks

Jun 19, 2020 3:18:27 PM By Roger Grimes
It’s nearly impossible to find an Internet scam or phishing email that doesn’t involve a malicious Uniform Resource Locator (URL) link of some type. The link either directs the user to a ...
Continue Reading

Increase in BLM Domain Names Forecasts BLM Phishing Attacks

Jun 16, 2020 3:26:04 PM By Roger Grimes
There has been a significant increase in DNS domain names containing blacklivesmatter or George Floyd’s name and there’s a good chance some of those are owned by people with malicious ...
Continue Reading

The Three Pillars of the Three Computer Security Pillars

May 18, 2020 8:31:59 AM By Roger Grimes
Much of the world, or at least the United States, is coalescing around the NIST Cybersecurity Framework. It’s a pretty good one to follow out of the many dozens that have been proposed ...
Continue Reading

What is the Right Password Policy?

May 7, 2020 8:15:00 AM By Roger Grimes
What is the right password policy? Conventional password policies say you must have a password at least 8-12 characters long…16 characters or longer if it belongs to an elevated ...
Continue Reading

Q&A With Data-Driven Evangelist Roger Grimes on the Great Password Debate

May 6, 2020 10:03:21 AM By Roger Grimes
I get asked a lot about password policy during my travels around the globe giving presentations and from people who email after webinars. Many of the questions are the same and I’ve ...
Continue Reading

Is That COVID-19 Email Legitimate or a Phish?

May 1, 2020 8:39:23 AM By Roger Grimes
It’s no surprise that phishers and scammers are using the avalanche of new information and events involving the global coronavirus pandemic as a way to successfully phish more victims. ...
Continue Reading

The Best and First Defenses You Should Implement

Apr 24, 2020 8:43:14 AM By Roger Grimes
Every good defense has three pillars of controls: policy, technical, and education. People are always asking what they should do for each to minimize cybersecurity events the most and ...
Continue Reading

Third-Party Risk Management Questionnaire for Extended Emergencies

Apr 21, 2020 8:39:05 AM By Roger Grimes
Here’s a questionnaire you can send to suppliers during extended work from home (WFH) periods.
Continue Reading

Share the Red Flags of Social Engineering Infographic With Your Employees

Apr 8, 2020 8:43:49 AM By Roger Grimes
Social engineering and phishing are responsible for 70% to 90% of all malicious breaches , so it’s very important to keep your employees at a heightened state of alert against this type ...
Continue Reading

The Best Computer Security Solvers Look Beyond the Problem

Apr 1, 2020 8:44:06 AM By Roger Grimes
Who doesn’t love a good computer security “cowboy”? That’s a man or a woman who is a recognized authority in their field of expertise, who groks their subject, who is truly a subject ...
Continue Reading

70% to 90% of All Malicious Breaches are Due to Social Engineering and Phishing Attacks

Mar 31, 2020 8:50:03 AM By Roger Grimes
If you’ve heard me speak the last two years, read any of my articles, or watched any of my webinars, you’ve probably heard me say, “Seventy to ninety percent of all malicious breaches are ...
Continue Reading

Every Computer Defense Has Three Main Pillars

Mar 26, 2020 8:32:15 AM By Roger Grimes
Defense-in-Depth is a dogmatic term used in the computer defense industry to indicate that every computer defense has to be made up of multiple, overlapping defenses positioned to best ...
Continue Reading

The Effectiveness of Educating End Users With a Test-Out Quiz

Mar 17, 2020 12:54:14 PM By Roger Grimes
Use a “test-out” quiz as a way to get people who are normally resistant to training to proactively take the training. They think they are taking a quiz to avoid the training, but in ...
Continue Reading

Use Advocates to Spread Your Security Awareness Training Program

Mar 9, 2020 8:00:00 AM By Roger Grimes
I’ve always been a big fan of train-the-trainer programs. Even if you are a great computer security consultant and trainer, there is a limit to what you, one person or one team, can do. ...
Continue Reading

[Heads-up] We Give Notice About The New Criminal Age 'Ransomware 2.0': Extremely Damaging, Dangerous And Plain Evil

Feb 2, 2020 1:38:44 PM By Roger Grimes
Take a look at that screen. Let it sink in a moment. Imagine if it were your company.
Continue Reading

The Top 5 Eyeopener Strategies To Improve Your IT Defenses And Keep Bad Guys Out Of Your Network

Jan 9, 2020 4:16:06 PM By Roger Grimes
Last year, in 2019 according to CVEdetails, there were 12,174 new, publicly announced vulnerabilities. If that sounds like a high number, it’s a lot less than the previous two years. We ...
Continue Reading

Smishing 101 and Defenses

Jan 8, 2020 10:04:15 AM By Roger Grimes
Smishing is phishing via Short Message Service (SMS) on a participating device, usually a cell phone. Long neglected by phishers and spammers, smishing has recently become a very common ...
Continue Reading

Encryption Isn’t Your Only Ransomware Problem - There Are Some Other Nasty Issues

Jan 7, 2020 12:05:54 PM By Roger Grimes
Ransomware has become one of the most dreaded problems in the cyber world and it’s only getting worse. Much worse!
Continue Reading

I Can Phish Anyone

Oct 15, 2019 7:30:00 AM By Roger Grimes
I’m a bit surprised by some aggressive corporate anti-phishing policies which say they will fire anyone for one accidental phishing offense. Send me the names and email addresses of the ...
Continue Reading
Subscribe

Search Our Blog


Ransomware Has Gone Nuclear Webinar

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews