Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Roger Grimes

Roger Grimes
Roger A. Grimes is a Data-Driven Defense Evangelist at KnowBe4. He is a 30-year computer security professional, author of 13 books and over 1,200 national magazine articles. He frequently consults with the world’s largest and smallest companies, and militaries, and he has seen what does and doesn’t work. Grimes was a weekly security columnist for InfoWorld and CSO magazines from 2005 - 2019. He regularly presents at national computer security conferences, and has been interviewed by national magazines and radio shows, including Newsweek magazine and NPR’s All Things Considered. Roger is known for his often contrarian, fact-filled viewpoints.
Find me on:

Recent Posts

Increase in BLM Domain Names Forecasts BLM Phishing Attacks

There has been a significant increase in DNS domain names containing blacklivesmatter or George Floyd’s name and there’s a good chance some of those are owned by people with malicious ...
Continue Reading

The Three Pillars of the Three Computer Security Pillars

Much of the world, or at least the United States, is coalescing around the NIST Cybersecurity Framework. It’s a pretty good one to follow out of the many dozens that have been proposed ...
Continue Reading

What is the Right Password Policy?

What is the right password policy? Conventional password policies say you must have a password at least 8-12 characters long…16 characters or longer if it belongs to an elevated ...
Continue Reading

Q&A With Data-Driven Evangelist Roger Grimes on the Great Password Debate

I get asked a lot about password policy during my travels around the globe giving presentations and from people who email after webinars. Many of the questions are the same and I’ve ...
Continue Reading

Is That COVID-19 Email Legitimate or a Phish?

It’s no surprise that phishers and scammers are using the avalanche of new information and events involving the global coronavirus pandemic as a way to successfully phish more victims. ...
Continue Reading

The Best and First Defenses You Should Implement

Every good defense has three pillars of controls: policy, technical, and education. People are always asking what they should do for each to minimize cybersecurity events the most and ...
Continue Reading

Third-Party Risk Management Questionnaire for Extended Emergencies

Here’s a questionnaire you can send to suppliers during extended work from home (WFH) periods.
Continue Reading

Share the Red Flags of Social Engineering Infographic With Your Employees

Social engineering and phishing are responsible for 70% to 90% of all malicious breaches , so it’s very important to keep your employees at a heightened state of alert against this type ...
Continue Reading

The Best Computer Security Solvers Look Beyond the Problem

Who doesn’t love a good computer security “cowboy”? That’s a man or a woman who is a recognized authority in their field of expertise, who groks their subject, who is truly a subject ...
Continue Reading

70% to 90% of All Malicious Breaches are Due to Social Engineering and Phishing Attacks

If you’ve heard me speak the last two years, read any of my articles, or watched any of my webinars, you’ve probably heard me say, “Seventy to ninety percent of all malicious breaches are ...
Continue Reading

Every Computer Defense Has Three Main Pillars

Defense-in-Depth is a dogmatic term used in the computer defense industry to indicate that every computer defense has to be made up of multiple, overlapping defenses positioned to best ...
Continue Reading

The Effectiveness of Educating End Users With a Test-Out Quiz

Use a “test-out” quiz as a way to get people who are normally resistant to training to proactively take the training. They think they are taking a quiz to avoid the training, but in ...
Continue Reading

Use Advocates to Spread Your Security Awareness Training Program

I’ve always been a big fan of train-the-trainer programs. Even if you are a great computer security consultant and trainer, there is a limit to what you, one person or one team, can do. ...
Continue Reading

[Heads-up] We Give Notice About The New Criminal Age 'Ransomware 2.0': Extremely Damaging, Dangerous And Plain Evil

Take a look at that screen. Let it sink in a moment. Imagine if it were your company.
Continue Reading

The Top 5 Eyeopener Strategies To Improve Your IT Defenses And Keep Bad Guys Out Of Your Network

Last year, in 2019 according to CVEdetails, there were 12,174 new, publicly announced vulnerabilities. If that sounds like a high number, it’s a lot less than the previous two years. We ...
Continue Reading

Smishing Examples & Defenses

Smishing is phishing via Short Message Service (SMS) on a participating device, usually a cell phone. Long neglected by phishers and spammers, smishing has recently become a very common ...
Continue Reading

Encryption Isn’t Your Only Ransomware Problem - There Are Some Other Nasty Issues

Ransomware has become one of the most dreaded problems in the cyber world and it’s only getting worse. Much worse!
Continue Reading

I Can Phish Anyone

I’m a bit surprised by some aggressive corporate anti-phishing policies which say they will fire anyone for one accidental phishing offense. Send me the names and email addresses of the ...
Continue Reading

You Must Know What You're Clicking On Even With MFA

By Roger Grimes, KnowBe4's Data-driven Defense Evangelist.  I’ve been in computer security for over 30-years and I’ve been giving presentations nearly as long. And in that time, no talk ...
Continue Reading

Has Microsoft Office 365 Beat Phishing?

By Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist. Microsoft recently announced a big update to their Microsoft Office 365 (O365) anti-phishing technical capabilities. ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews