Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

What is the Right Password Policy?

What is the right password policy? Conventional password policies say you must have a password at least 8-12 characters long…16 characters or longer if it belongs to an elevated ...
Continue Reading

Q&A With Data-Driven Evangelist Roger Grimes on the Great Password Debate

I get asked a lot about password policy during my travels around the globe giving presentations and from people who email after webinars. Many of the questions are the same and I’ve ...
Continue Reading

Is That COVID-19 Email Legitimate or a Phish?

It’s no surprise that phishers and scammers are using the avalanche of new information and events involving the global coronavirus pandemic as a way to successfully phish more victims. ...
Continue Reading

The Best and First Defenses You Should Implement

Every good defense has three pillars of controls: policy, technical, and education. People are always asking what they should do for each to minimize cybersecurity events the most and ...
Continue Reading

Third-Party Risk Management Questionnaire for Extended Emergencies

Here’s a questionnaire you can send to suppliers during extended work from home (WFH) periods.
Continue Reading

Share the Red Flags of Social Engineering Infographic With Your Employees

Social engineering and phishing are responsible for 70% to 90% of all malicious breaches , so it’s very important to keep your employees at a heightened state of alert against this type ...
Continue Reading

The Best Computer Security Solvers Look Beyond the Problem

Who doesn’t love a good computer security “cowboy”? That’s a man or a woman who is a recognized authority in their field of expertise, who groks their subject, who is truly a subject ...
Continue Reading

70% to 90% of All Malicious Breaches are Due to Social Engineering and Phishing Attacks

If you’ve heard me speak the last two years, read any of my articles, or watched any of my webinars, you’ve probably heard me say, “Seventy to ninety percent of all malicious breaches are ...
Continue Reading

Every Computer Defense Has Three Main Pillars

Defense-in-Depth is a dogmatic term used in the computer defense industry to indicate that every computer defense has to be made up of multiple, overlapping defenses positioned to best ...
Continue Reading

The Effectiveness of Educating End Users With a Test-Out Quiz

Use a “test-out” quiz as a way to get people who are normally resistant to training to proactively take the training. They think they are taking a quiz to avoid the training, but in ...
Continue Reading

Use Advocates to Spread Your Security Awareness Training Program

I’ve always been a big fan of train-the-trainer programs. Even if you are a great computer security consultant and trainer, there is a limit to what you, one person or one team, can do. ...
Continue Reading

[Heads-up] We Give Notice About The New Criminal Age 'Ransomware 2.0': Extremely Damaging, Dangerous And Plain Evil

Take a look at that screen. Let it sink in a moment. Imagine if it were your company.
Continue Reading

The Top 5 Eyeopener Strategies To Improve Your IT Defenses And Keep Bad Guys Out Of Your Network

Last year, in 2019 according to CVEdetails, there were 12,174 new, publicly announced vulnerabilities. If that sounds like a high number, it’s a lot less than the previous two years. We ...
Continue Reading

Smishing Examples & Defenses

Smishing is phishing via Short Message Service (SMS) on a participating device, usually a cell phone. Long neglected by phishers and spammers, smishing has recently become a very common ...
Continue Reading

Encryption Isn’t Your Only Ransomware Problem - There Are Some Other Nasty Issues

Ransomware has become one of the most dreaded problems in the cyber world and it’s only getting worse. Much worse!
Continue Reading

I Can Phish Anyone

I’m a bit surprised by some aggressive corporate anti-phishing policies which say they will fire anyone for one accidental phishing offense. Send me the names and email addresses of the ...
Continue Reading

You Must Know What You're Clicking On Even With MFA

By Roger Grimes, KnowBe4's Data-driven Defense Evangelist. I’ve been in computer security for over 30-years and I’ve been giving presentations nearly as long. And in that time, no talk ...
Continue Reading

Has Microsoft Office 365 Beat Phishing?

By Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist. Microsoft recently announced a big update to their Microsoft Office 365 (O365) anti-phishing technical capabilities. ...
Continue Reading

[On-Demand Webinar] The Quantum Computing Break Is Coming... Will You Be Ready?

Quantum computing is a game-changer and will have a huge impact on the way we do business, safeguard data, explore space, and even predict weather events. Yet, some experts say in the not ...
Continue Reading

Yes, Google's Security Key Is Hackable

Here is an article by Roger Grimes, Data-Driven Defense Evangelist at KnowBe4 Ever since Google told the world that none of its 85,000 employees had been successfully hacked since they ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews