February 14, 2017

Why do so many people click on phishing email messages?

Your UPS delivery was missed… The IRS says you owe them thousands of dollars… You’ve reached your computer disk storage limit… Your Apple account information has […]
January 16, 2017

Working with extremely sensitive data

A friend of mine is developing some complex software that he hopes to license to other companies. When I asked him how he was protecting it […]
December 1, 2016

Employees need to learn to handle Cyber Threat Overload or they will be replaced

Remember back in that simpler time – 5 years ago – when botnets simply sent out spam or collected credit card numbers; or 10 years ago, […]
June 30, 2016

Why is the Security Team trying to trick us? – The #1 Pitfall of Employee Phishing Assessments

Many organizations are now starting to do internal employee phishing assessments to determine how vulnerable their team is to targeted phishing attacks. This is because phishing is one of the primary ways that ransomware makes its way into corporate networks - through emails targeted at employees who click on links or attachments. Your IT Security team can assess your organization's vulnerability in this area by simulating attack emails, but with harmless links or attachments that can provide feedback to IT Security. But when your IT Security team undertakes an employee phishing assessment initiative, there are many subtle decisions that must be made that can have an impact not only on the validity of the results, but on employee morale and trust. So, I'm creating a list of dangerous pitfalls to be avoided when implementing an employee phishing assessment program. Not fully considering the employees' responses to these emails is probably the easiest landmine to step on, which can cause serious employee backlash, and put the program in jeopardy. Here's the problem and the solution.
May 12, 2016

The Teachable Moment: Finding your organization's current level of vulnerability to phishing attacks… for free.

Are Phishing Assessments Really a Thing? By now, you've probably heard that some organizations are using simulated phishing attacks on their employees. Is this a smart thing to do, or is it just the security team trying to scare people? Filling up employees' inboxes with even more malicious email may just sound cruel. But there's a very good reason for doing this.
September 15, 2014

Consultants and entrepreneurs can bring new value to clients through Streetwise Security Workshops

Consultants and entrepreneurs are in an interesting position, when it comes to information security. They have exposure to multiple clients, which brings some opportunities and challenges. […]