News and Insights
Get the latest Click Armor news and expert insights to help you fight phishing, social engineering scams and other risks related to human behaviors.Â
Why copying some vendors’ email notifications in phishing tests can backfire
Some vendors' confusing notifications make easy phishing tests, but that doesn't mean you should use them.Replicating these easy tests will only create an adversarial relationship between employees and the IT Security team. Yes, attackers who know you use [vendor...
The key pitfalls of replicating attackers’ impersonation methods in phishing tests
The value of performing live phishing tests relies on using impersonation the way attackers do. Live simulations have several limitations in this area that reduce their value for your security program.Here are some key pitfalls I've discovered when using live tests to...
Use multiple types of inputs to obtain accurate assessment of behavior
It’s hard to change behavior without knowing how to properly measure it. Using a single input such as asking people their opinions, or registering a click on a "live phishing simulation" is problematic because...  1. People may only tell you what you wanted to hear.2....
How to Avoid Training Fatigue in Your Compliance Programs
Training fatigue is common with increased transformation & compliance initiatives.Security and privacy make up a fraction of the compliance training commitments required of employees. Placing additional training requirements on employees can impact corporate...
Focus on employee cyber vulnerabilities with a risk-based lense
Not every vulnerability needs to be patched or even strengthened. To make an informed decision, risks need to be put into context.However, on the human side, most businesses do not have a good way of viewing or understanding their risk context. The key elements of...
How live phishing tests are wasting your organization’s time
Phishing assessments are stressful and waste a lot of time. Technically, it's a simple concept: Template, Target, Test...But, in reality, here are the headaches and time-consuming details that few executives factor into the costs of phishing simulations... 1....
Join Scott Wright for a special guest appearance on The Thursday Process webinar with Ian Richardson – September 1, 2022
It's not always easy or efficient to market to small and medium-sized businesses (SMBs). But I wanted to share with our MSP partners some of the ways we have found that work well for building visibility and credibility online. Our approach involves leading the way...
Why smishing (SMS phishing) shouldn’t be left out of your training program
SMS phishing (smishing) threats aren't talked about enough. We need to teach and simulate these threats, beyond just phishing threats targeting employees.E.g., Customers of Rogers (mobile carrier) are being enticed by SMS messages offering compensation for a recent...
Help your employees understand WHY they need good cyber hygiene
Before teaching them awareness tips, staff must buy in to why. Rules and tips require context. Employees will be asking: "Why do I need them?"Here are some topics that can help employees understand WHY they need to learn good cyber hygiene: 1. How the organization is...
Why your small business should be using MSPs for security services
Small businesses need to use Managed (Security) Service Providers (MSP or MSSP) security services to ensure business infrastructure is running smoothly and securely.Here are some good reasons to use them: 1. They have experience configuring complex security solutions...
4 reasons to challenge your employees’ cyber security beliefs
People don't know how they may be vulnerable. Employees and execs have confidence that "I'm good".Here are four reasons we need to challenge their beliefs in a positive way, without causing backlash or embarrassment that hurt culture: . 1. They think the organization...
Why employees need regular practice at spotting cyber threats in a safe environment
It's hard for us to remember irregular habits, like spotting threats. It's much easier to remember procedures you do every day or even weekly.This goes to why employees need more "safe, regular practice" at spotting threats: The procedures we learn to do on a daily...
Build your security awareness program in 5 phases
It can be tempting to start deploying security awareness training as soon as the resoures are available. But you only get one chance, and it makes sense to plan it out.Phase 1 - Assess where you're at, including exec inputs Phase 2 - Plan the content roll-out for both...
The key variables to consider in live phishing tests
What does "counting clicks" in live phishing tests tell you? There are really a lot more questions than answers.Here are some of the variables that are rarely considered when reporting on live phishing tests: 1. Did the employee guess suspect a test based the subject...
How to build employee confidence to accurately assess proficiency in handling cyberthreats
Employees don't engage when they are not confident.We often forget that emotions impact an employee's participation. Here are a few ways to help employees in overcoming uncertainty about their own skills: 1. Make learning stress-free and/or fun2. Allow them to...
