Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Roger Grimes

Recent Posts

What About Password Manager Risks?

In KnowBe4’s new Password Policy ebook, What Your Password Policy Should Be, we recommend that all users use a password manager to create and use perfectly random passwords. A perfectly ...
Continue Reading

Why We Recommend Your Passwords Be Over 20-Characters Long

KnowBe4 just released its official guidance and recommendations regarding password policy. It has been a project in the works for many months now, but we wanted to make sure we got it ...
Continue Reading

Introducing KnowBe4’s Password Policy E-Book

KnowBe4 just released its first e-book covering password attacks, defenses and what your password policy should be. Here is a summary of its recommendations:
Continue Reading

We Do Not Talk Enough About Social Engineering and It’s Hurting Us

One of the most important things I have tried to communicate to audiences since at least the 1990s is how prevalent a role social engineering plays in cybersecurity attacks. I have ...
Continue Reading

Holding a Great Employee Education Meeting

I recently attended a customer’s annual security awareness training employee event. I have attended a bunch of these over the years and I have loved them all. But this particular customer ...
Continue Reading

How Hackers Get Your Passwords and How To Defend Yourself

Despite the world’s best efforts to get everyone off passwords and onto something else (e.g., MFA, passwordless authentication, biometrics, zero trust, etc.) for decades, passwords have ...
Continue Reading

Making Better Push-Based MFA

I used to be a huge fan of Push-Based Multifactor Authentication (MFA), but real-world use has shown that most of today’s most popular implementations are not sufficiently protective ...
Continue Reading

Traits of Most Scams

There are a lot of scams in the world, and they seem to be proliferating at an exponential rate. My Facebook friend’s accounts are compromised all the time and I get sent scam requests ...
Continue Reading

The 4 Things You Should Be Doing Right Now To Best Improve Your Cybersecurity

The key to really good cybersecurity is to concentrate on just 4 things. Master them first before you begin to try and do the other hundreds of things that everyone else is going to tell ...
Continue Reading

Beware of QuickBooks Payment Scams

Many small and mid-sized companies use Intuit’s very popular QuickBooks program. They usually start out using its easy-to-use base accounting program and then the QuickBooks program ...
Continue Reading

5 Notable Obscure Phishing Scams

I love that KnowBe4’s customers are among the most knowledgeable and educated people in the world in avoiding phishing scams. KnowBe4’s products help its customers to educate and test ...
Continue Reading

Having an Efficient Security Awareness Training Program

I love that KnowBe4’s customers are among the most knowledgeable and educated people in the world in avoiding phishing scams. KnowBe4’s products help its customers to educate and test ...
Continue Reading

Answer 4 Simple Questions To Avoid a Social Engineering Attack

I am usually not a man of a few words. I am the opposite. I write hundreds of pages a month and talk non-stop in person. But lately, I have been trying to be better at saying more with ...
Continue Reading

How Not To Get Phished: It Is the Message Not the Medium

Back in the early 1990s, when I was first getting into the IT field as a full-time network administrator, I was tasked with writing up our corporation’s new email policy. Email was just ...
Continue Reading

Ransomware 3.0: It Is About To Get Much Worse

If you think ransomware is bad, it is about to get much, much worse. What will ransomware gangs do? Just everything.
Continue Reading

U.S. Government Says To Use Phishing-Resistant MFA

The U.S. government has been pushing people to avoid SMS- and voice call-based multi-factor authentication (MFA) for years, but their most recent warning is to avoid any MFA that is ...
Continue Reading

5 Ways to Recognize Social Engineering

Social engineering can come in many different forms: via email, websites, voice calls, SMS messages, social media and even fax. If it is a communication method, scammers and criminals are ...
Continue Reading

Be Wary of Unrequested Disc Images

Microsoft’s recent announcement that the new version of Microsoft Windows, Microsoft Windows 11, will be released soon is capturing headlines around the world. Microsoft will allow ...
Continue Reading

When the URL Domain Is Not Enough To Avoid a Phish

One of the most common mantras in security awareness training is “Examine the URL to determine if it points to the legitimate vendor or not!”
Continue Reading

How to Defeat REvil Ransomware

The REvil ransomware gang is in the news again! This time for a supply chain attack and the largest public extortion demand ever – $70 million dollars.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews