From determining the needs of employees to delivering the proper content, while also dealing with budget constraints and deadlines, those put in charge of managing an organization’s security awareness program (SAP) have their hands full. Unfortunately, that’s how planning—the most important stage of any successful SAP—often gets overlooked. Setting goals [...]
Taking a tiered or layered approach is one of the best strategies for handling the many challenges of cybersecurity. That’s why we created the Domains Triad, which breaks down security into three parts: Cyber, Physical, and People. Similar to how the CIA Triad provides a compartmentalized view of how to [...]
Initially developed for critical infrastructure, the National Institute of Standards and Technology established a framework for improving cybersecurity, now referred to simply as NIST CSF. At the core of the framework exists five functions, and 22 categories within those five functions, which have become the standard for many organizations worldwide. [...]
If you’ve hung around this blog long enough, you know that we strongly endorse continuous learning and microlearning for training employees. Those two strategies provide proven, successful ways to educate, and monthly newsletters take advantage of both of them. The former refers to a cycle of education that repeats itself [...]
The way your employees grasp and process the information you give them will determine the success of your security awareness program. To oversimplify what that means: boring, long-winded, overly complicated programs will likely fail. Conversely, bright, entertaining, inclusive programs tailored to your user-base will likely succeed. What follows are five [...]
What is Data Integrity Your data has a lot to defend against: user error, transfer errors, misconfigurations, security errors, cybersecurity attacks, and hardware errors. Keep your data safe from all these different types of attacks by maintaining data integrity. To remember exactly what data integrity looks like, use the FDA’s [...]
Technological progress has always been a double-edged sword empowering organizations of all sizes to digitalize their processes but also creating room for multiple types of hacking attacks and scams. In order to manage this tension and leverage online assets such as websites, email, and third-party applications, it’s necessary to think [...]
Remote working is great – but it presents security challenges that have to be addressed. The modern workplace is markedly different from the 9-5 equivalent of even 15 years ago. Mature businesses offer a variety of schemes to entice information workers into challenging jobs and provide hours that [...]
Social engineering–the use of psychological manipulation to gain and abuse the trust of humans. Social engineers have long taken advantage of human emotions. It’s how they’re able to convince people to divulge sensitive information or provide access to controlled areas of buildings and offices. The tactics that scammers use have been [...]
IT security and cybersecurity policies are all the rage these days, and rightfully so. However, an IT security policy alone does not guarantee effective security within an organization. Responsible organizations understand that the onus is on them to communicate the elements of their security policies to their employees in an [...]
