News and Insights
Get the latest Click Armor news and expert insights to help you fight phishing, social engineering scams and other risks related to human behaviors.
Help your employees understand WHY they need good cyber hygiene
Before teaching them awareness tips, staff must buy in to why. Rules and tips require context. Employees will be asking: "Why do I need them?" Here are some topics that can help employees understand WHY they need to learn good cyber hygiene: 1. How the organization is...
Why your small business should be using MSPs for security services
Small businesses need to use Managed (Security) Service Providers (MSP or MSSP) security services to ensure business infrastructure is running smoothly and securely. Here are some good reasons to use them: 1. They have experience configuring complex security solutions...
4 reasons to challenge your employees’ cyber security beliefs
People don't know how they may be vulnerable. Employees and execs have confidence that "I'm good". Here are four reasons we need to challenge their beliefs in a positive way, without causing backlash or embarrassment that hurt culture: 1. They think the organization...
Why employees need regular practice at spotting cyber threats in a safe environment
It's hard for us to remember irregular habits, like spotting threats. It's much easier to remember procedures you do every day or even weekly. This goes to why employees need more "safe, regular practice" at spotting threats: The procedures we learn to do on a daily...
Build your security awareness program in 5 phases
It can be tempting to start deploying security awareness training as soon as the resources are available. But you only get one chance, and it makes sense to plan it out. Phase 1 - Assess where you're at, including exec inputs Phase 2 - Plan the content roll-out for both...
The key variables to consider in live phishing tests
What does "counting clicks" in live phishing tests tell you? There are really a lot more questions than answers. Here are some of the variables that are rarely considered when reporting on live phishing tests: 1. Did the employee guess or suspect a test based on the subject...
How to build employee confidence to accurately assess proficiency in handling cyberthreats
Employees don't engage when they are not confident. We often forget that emotions impact an employee's participation. Here are a few ways to help employees in overcoming uncertainty about their own skills: 1. Make learning stress-free and/or fun 2. Allow them to...
Distinguishing between security culture and security awareness helps articulate the risk management value of these terms
Security culture and security awareness should be two different things. For security geeks, I've started reading The Security Culture Playbook. At this point I really like the book, but it begs a question. Perry Carpenter and Kai Roer lay out some key reasons why...
Why executives are key to the success of your security awareness training
If execs don't take security awareness training, then it just isn't important to them. That's how employees feel, whether training is mandatory or not. The behavior modelled by executives is one of the most important drivers of corporate culture. If top executives...
Security awareness means more than just employees understanding training
Most people don't think about what AWARENESS really means. What awareness should mean is: Being ready to make a decision. If there is no improvement in their ability to make a decision, what's the point in making people take training? Watching videos and asking people...
How making your security awareness training less predictable can increase engagement
Security awareness training must be made less predictable. Employees rarely engage if they think they know what's coming. One IT Security manager told me her organization's developers literally wrote software that everyone used to "run the training". So they got full...
Compliance managers are becoming overwhelmed by customer requests for certification information
Get ready for outbursts of profanity from compliance managers... [Pharma ad voice-over]: Do your customers quickly forget your security certifications? - Do customers' auditors repeatedly ask for the same security control information? - Do you wake up in the middle of...
The barriers that can stop employees from participating in your cyber security training
Security awareness training is usually mandatory for all. But many organizations see less than 60% of employees participating before the next round of training is launched. This presents a strange problem for management. Do you keep trying to get employees to finish...
How a ransomware attack shut down an Illinois college
So you think your organization is resilient? Imagine surviving all of these challenges, only to be shuttered by ransomware... Lincoln College in Illinois was established in 1865, and had survived: 1. A fire in 1912 2. The Spanish flu 3. The Great Depression 4. World Wars...
What’s your ransomware infection plan?
Without a plan for responding to a ransomware incident, you'll pay. Most executives I've asked didn't know what their organization would do if it were infected. It's a simple question that boards should ask executives: "What's your plan?" Here are a few important...