There has been a significant increase in DNS domain names containing blacklivesmatter or George Floyd’s name and there’s a good chance some of those are owned by people with malicious ...
Much of the world, or at least the United States, is coalescing around the NIST Cybersecurity Framework. It’s a pretty good one to follow out of the many dozens that have been proposed ...
What is the right password policy? Conventional password policies say you must have a password at least 8-12 characters long…16 characters or longer if it belongs to an elevated ...
I get asked a lot about password policy during my travels around the globe giving presentations and from people who email after webinars. Many of the questions are the same and I’ve ...
It’s no surprise that phishers and scammers are using the avalanche of new information and events involving the global coronavirus pandemic as a way to successfully phish more victims. ...
Every good defense has three pillars of controls: policy, technical, and education. People are always asking what they should do for each to minimize cybersecurity events the most and ...
Here’s a questionnaire you can send to suppliers during extended work from home (WFH) periods.
Social engineering and phishing are responsible for 70% to 90% of all malicious breaches , so it’s very important to keep your employees at a heightened state of alert against this type ...
Who doesn’t love a good computer security “cowboy”? That’s a man or a woman who is a recognized authority in their field of expertise, who groks their subject, who is truly a subject ...
If you’ve heard me speak the last two years, read any of my articles, or watched any of my webinars, you’ve probably heard me say, “Seventy to ninety percent of all malicious breaches are ...
Defense-in-Depth is a dogmatic term used in the computer defense industry to indicate that every computer defense has to be made up of multiple, overlapping defenses positioned to best ...
Use a “test-out” quiz as a way to get people who are normally resistant to training to proactively take the training. They think they are taking a quiz to avoid the training, but in ...
I’ve always been a big fan of train-the-trainer programs. Even if you are a great computer security consultant and trainer, there is a limit to what you, one person or one team, can do. ...
Take a look at that screen. Let it sink in a moment. Imagine if it were your company.
Last year, in 2019 according to CVEdetails, there were 12,174 new, publicly announced vulnerabilities. If that sounds like a high number, it’s a lot less than the previous two years. We ...
Smishing is phishing via Short Message Service (SMS) on a participating device, usually a cell phone. Long neglected by phishers and spammers, smishing has recently become a very common ...
Ransomware has become one of the most dreaded problems in the cyber world and it’s only getting worse. Much worse!
I’m a bit surprised by some aggressive corporate anti-phishing policies which say they will fire anyone for one accidental phishing offense. Send me the names and email addresses of the ...
By Roger Grimes, KnowBe4's Data-driven Defense Evangelist. I’ve been in computer security for over 30-years and I’ve been giving presentations nearly as long. And in that time, no talk ...
By Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist. Microsoft recently announced a big update to their Microsoft Office 365 (O365) anti-phishing technical capabilities. ...
