PRIVACY + SECURITY BLOG

News, Developments, and Insights

New Resource Page: How to Make Security Training Effective

Effective Security Training

I recently created a new resource page — How to Make Security Training Effective.  The page contains my advice for how  to make security training memorable and effective in changing behavior.

Training the workforce is an essential way to protect data security, but not all training endeavors are successful.  Poor training is akin to shouting into the void.  This resource page is designed to provide some tips and advice about training that I’ve learned from being an educator for more than 15 years. Continue Reading

New Resource Page: Security Awareness Training FAQ

Security Awareness Training FAQ 01

What laws require security awareness training?  What topics do the laws require to be covered?  What should be covered?  How frequently should training be given?

I recently created a new resource page — Security Awareness Training FAQ — to answer the above questions and more.  I discuss various legal and industry requirements for security awareness training.  I also discuss best practices.  I hope that you find this resource to be useful.

Continue Reading

New Privacy and Security Awareness Training Programs

security awareness training

I created some new training programs last year, and here are some of the highlights:

Security Training Malware -- Ransomware Attack

The Ransomware Attack (~5 mins)

This short program (~5 minutes) consists of an interactive cartoon vignette about malware.  The program is highly interactive, and trainees engage with a scenario involving ransomware. Although this program involves ransomware, the lessons it teaches apply broadly to all malware.  The program focuses on how to avoid having malware installed on one’s computer and what to do (and not to do) if this ever happens.

Module Lifecycle of Personal Data 01

The Life Cycle of Personal Data (~ 15 mins)

This privacy awareness training course (~ 15 minutes) is a highly-interactive overview of privacy responsibilities and protections regarding the collection, use, and sharing of personal data.  The course has 8 quiz questions. The course tracks the life cycle of personal data, starting from when it is collected or created. The course concludes with a discussion of data retention and destruction.

Continue Reading

New Security Training Program: Social Engineering: Spies and Sabotage

Module Data Security Spies and Sabotage 02

I am pleased to announce the launch of our new training program, Social Engineering: Spies and Sabotage. This course is a short module (~7 minutes long) that provides a general introduction to social engineering.

After discussing several types of social engineering (phishing, baiting, pretexting, and tailgaiting), the course provides advice for avoiding these tricks and scams. Key points are applied and reinforced with 4 scenario quiz questions.

Social Engineering Training Spies 01

Continue Reading

The High Cost of Phishing and the ROI of Phishing Training

Phishing Training 01

A study recently revealed that nearly 25% of data breaches involve phishing, and it is the second most frequent data security threat companies face.  Phishing is an enormous problem, and it is getting worse.

Phishing threats -- Verizon report 2015 threats

In a staggering statistic, on average, a company with 10,000 employees will spend $3.7 million per year handling phishing attacks.

Continue Reading