Uncertain Times — Infosec's here to help. Learn about remote testing and other COVID-19 resources.

Security awareness

How to build security awareness & training to NIST standards

January 2, 2020 // By: Tyler Schultz

Review NIST’s cybersecurity training resources and guidelines and explore how you can use Infosec IQ to not only follow NIST recommendations, but also prepare your workforce for the cybersecurity threats they face.

Pros & cons of using an LMS for security awareness & training

February 25, 2020 // By: Tyler Schultz

Can you use your learning management system to deliver employee security awareness and training? In this post, we’ll cover the pros and cons of running a security awareness and training program from your LMS as opposed to a dedicated security awareness and training platform.

The ROI of security awareness training

September 17, 2019 // By: Tyler Schultz

With many organizations facing understaffed IT and security departments with limited time and budget, it’s smart to ask, “Do the benefits of security awareness training outweigh the costs?” In this post, we show you how to calculate the ROI of security awareness training at your organization.

The secret to building a culture of cybersecurity

November 20, 2019 // By: Tyler Schultz

Although there is no magic bullet to create cybersecurity culture change overnight, implementing a layered cybersecurity training and communication strategy will help keep security top-of-mind and make secure behavior a habit at your organization.

Lessons from Masters of Persuasion: Customization is Key

March 6, 2019 // By: Megan Sawle

As security awareness practitioners, we need to be better than criminals at influencing our employees’ behavior. Just like digital marketing, customization is key. This means tailoring your training and awareness program by employee role, responsibility and access to boost program effectiveness.

Fear is not the motivator you’re looking for: 5 security awareness training tips from Dr. Jessica Barker 

December 19, 2019 // By: Lisa Plaggemier

I recently had the opportunity to hear Dr. Jessica Barker speak on “Conquering Fear and Loathing in Cybersecurity” at Infosec’s annual security awareness conference, Infosec Inspire19.  If you haven’t had the opportunity to hear her speak, you’re missing out:  she’s an international rock star in the world of security training and awareness.  

Videos & Best Practices to Build a Security Champions Program

July 25, 2018 // By: Kristin Zurovitch

Phishing, ransomware and social engineering attacks are rising rapidly. As they continue to get more sophisticated, we also see they no longer discriminate. Regardless of size or industry, every organization is now vulnerable to cyber threats, making organization-wide security awareness training the key to resiliency.

Why did Infosec hack into a reporter’s smart home system? Because he asked us!

December 13, 2019 // By: Jeff McCollum

Infosec helped KUOW reporter Joshua McNichols learns about the dangers of clicking on a phishing email that could corrupt his smart home devices.

[Updated] Top 9 coronavirus phishing scams making the rounds

March 24, 2020 // By: Tyler Schultz

We collected seven coronavirus phishing attack examples to shed light on the top tactics cybercriminals are using so you can help prepare your employees for the threats they are facing now and in the foreseeable future.

Why microlearning works: A security awareness perspective

January 14, 2020 // By: Tyler Schultz

In this post, we’ll explore microlearning techniques, how you can use it to achieve your training goals and what it means for one of the most important stakeholders in your security awareness and training program: your employees.

7 myths about election security — debunked

September 18, 2019 // By: Tyler Schultz

It takes everyone involved in the voting process to watch for suspicious activity and adhere to cybersecurity best practices to prevent interference in the upcoming elections. In this post, we debunk seven common myths about election security and provide actionable tips to pass along to poll workers and volunteers.

Metropolitan School District of Wayne Township Combats Ransomware with SecurityIQ

July 17, 2018 // By: Kristin Zurovitch

Infosec, the leading provider of IT security education and workforce security awareness training solutions, announced the Metropolitan School District (MSD) of Wayne Township, Indiana selected Infosec IQ for district-wide security awareness education. Pairing Infosec IQ with the district’s personalized learning techniques and an internally-developed network of trained...

5 Best Practices to Harden Your Human Firewall

November 7, 2018 // By: Tyler Schultz

When building your human firewall through security awareness training, incremental gains are important. Following a few best practices can help you stack your incremental gains and strengthen your human firewall. We were delighted to speak with Forrester senior analyst Nick Hayes about best practices to harden your human firewall.

5 Steps to Building a Cyber-Aware Staff

October 10, 2018 // By: Tyler Schultz

Preventing cybersecurity attacks at your organization takes more than technical efforts. It requires a cyber-aware staff and a culture of security awareness to keep your organization safe. The biggest question is: How can you build a cyber-aware staff?

National Cybersecurity Awareness Month made easy

August 27, 2019 // By: Tyler Schultz

National Cybersecurity Awareness Month is here! Use our NCSAM Toolkit including themed posters, infographics and articles to make this October the best National Cybersecurity Awareness Month yet. Our resources are relatable, conversation and (dare I say) fun!

7 research-backed tips to improve your security awareness training

December 1, 2019 // By: Tyler Schultz

We love talking to clients and security practitioners about what’s working at the ground level of their security awareness programs. However, sometimes it’s helpful to take a step back and look at the security awareness space from a research data perspective. We spoke with Michael Osterman from Osterman Research to dig into 7 research-backed tips to improve your security awareness training.

How measure the ROI of your security awareness program

December 18, 2019 // By: Maeve Ryan

Everyone knows security awareness training is important, but how can organizations measure the success of their security awareness program?

Celebrate Cyber Security Awareness Month With FREE Training Resources

September 27, 2018 // By: Megan Sawle

If you’re like most cybersecurity pros we know, the security awareness training manager hat is just one of many hanging in your server room. While you’ve been busy patching vulnerabilities and monitoring your networks, we’ve built out a series of free resources to help you kick off Cybersecurity Awareness Month like you’ve been planning for it all year.

Security Awareness: A Core Competency for K-12 Students

October 3, 2018 // By: Megan Sawle

Today’s youth spend more time than ever before online. Like learning to lock the front door behind you, security awareness training at an early age helps transform a behavioral concept into a habit. Our FREE K-12 awareness training series includes three fun security awareness training modules, with a fourth on the way to encourage the next generation to consider career paths in cybersecurity.

Security Awareness: Are you prepared for the coming year?

October 31, 2018 // By: Jeff Peters

Today is the final day of National Cyber Security Awareness Month, and we here at InfoSec Institute have loved seeing the community come together to spread security awareness. However, an effective security awareness program needs more than just one month worth of effort. As we transition into the rest of the year, it’s important to keep the security awareness momentum going.

Should repeat offenders be sent to maximum security?

July 29, 2019 // By: Lisa Plaggemier

If you listen regularly to the repeat offender buzz, eventually you’ll hear from those who believe disciplinary actions are the best response. In my current role working for a security education provider, I’m in frequent contact with a remarkable community of peers from other companies. We all agree on the best thing to do with repeat offenders: help them.

Securing the Global Killswitch: 5 Ways to Protect Critical Infrastructure From Attack

October 24, 2018 // By: Megan Sawle

As we wrap up the last week of Cyber Security Awareness Month, we turn our focus to protecting our nation’s critical infrastructure. Today’s grid is both the backbone of our nation’s economy and its Achilles’ heel. Attacks like Crash Override and Stuxnet have prompted new discussions and initiatives around the globe to address vulnerabilities in our increasingly interconnected world.

Your 2020 tax scam training guide

January 3, 2020 // By: Tyler Schultz

Get your W-2s and returns ready because tax season is on the way! As if deductions, exemptions and return distribution wasn’t enough, tax season becomes open season for cybercriminals hunting for sensitive information, credentials and even a direct deposit of your employees’ tax returns.

Infosec would like to thank the Academy….

February 27, 2020 // By: Jeff McCollum

You won't find many red carpets or best and worst dressed lists during cybersecurity award season, but there are plenty of announcements and recognition of earth-shattering importance.

Why you should run your security awareness program like a marketer

April 16, 2019 // By: Tyler Schultz

Learn how security professionals can adopt basic marketing principles to transform an otherwise routine and easily dismissed security training program into a campaign that employees actually want to engage with.

If your employees aren’t learning from your security training, are you really teaching?

May 3, 2019 // By: Tyler Schultz

Delivering the information your employees need to stay cybersecure doesn’t guarantee they will retain the knowledge or adopt good security habits. If your employees aren’t learning, how can you improve your teaching? What can you do to engage employees, inspire them to change their behavior and, ultimately, keep your organization secure?

Phishing attachment hides malicious macros from security tools

February 20, 2020 // By: Tyler Schultz

A clever new wave of phishing attacks prove malicious, macro-enabled attachments can still bypass security tools and pack a serious punch under the right conditions. The attacks, recently spotted by researchers at FireEye, targeted financial services organizations in the United States, tricking them to download and deploy a backdoor giving attackers full control of the victim’s environment.

Learn how this security pro is tackling security awareness and data protection at her healthcare company

March 26, 2020 // By: Jeff McCollum

Protecting patient's personal medical information is critically important. Learn how this company manages its security awareness training to protect the company and patient data.

PayPal credential phishing with an even bigger hook

January 17, 2020 // By: Tyler Schultz

With the increased adoption of multi-factor authentication, login credentials alone may not be enough for scammers to gain the access or information they’re after. Learn how credential phishing is evolving and what you can do to keep employees and your organization secure.

Microsoft data entry attack takes spoofing to the next level

December 18, 2019 // By: Tyler Schultz

Dynamic data entry attacks take login page spoofing to the next level by reading the victim’s email address, identifying their organization and dynamically adjusting the spoofed login page to serve the custom elements used by the organization on their legitimate, custom login page. See what this threat looks like in the wild and how to prepare your employees to avoid this attack.

Celebrate Data Privacy Day by Sharing These Free Resources!

January 28, 2019 // By: Jeff Peters

Data privacy tends to be viewed through a negative lens — massive data breaches, fines from government watchdogs and stories of lost customers. But when done right, it can become a story of empowering people and organizations to respect privacy, safeguard data and enable trust. We want to keep that positive message going all year long with these free, shareable resources.

Be cybersecure when working from home

March 18, 2020 // By: Jeff McCollum

The COVID-19 outbreak is creating a rush to set up remote workers. Don't forget to include steps to stay cybersecure in your plan.

8 phishing simulation tips to promote more secure behavior

December 12, 2019 // By: Tyler Schultz

The goal of simulated phishing is to both prepare employees to spot real attacks while also encouraging them to report suspicious emails to your security team. To help you strike this delicate balance, we put together our top eight phishing simulation tips perfect for anyone trying to refine their strategy or even launch their very first simulated phishing program.