by ThinkCyber | Feb 19, 2020 | Articles
The statement “security is everybody’s responsibility” is a common refrain. And it is an ideal end-state culture for many organisations. Certainly from the perspective of the IT Security team – they provide the tools and controls, but everyone does their bit in...
by ThinkCyber | Jan 16, 2020 | Articles
It’s a commonly held belief that we learn from failure. But recent research has found the opposite: failure undermines learning. The results of this research raise questions about “phish-test-train” strategies to increase staff understanding of phishing attacks. The...
by ThinkCyber | Dec 17, 2019 | Articles
One organisation recorded just a 17% completion rate following their initial email asking people to do mandatory security awareness training… …it’s little wonder some businesses end up with a cottage industry of line managers, HR and infosec staff chasing people to...
by ThinkCyber | Nov 12, 2019 | Articles
Ask a security practitioner what they want from a security awareness programme, and the immediate response you receive will sometimes be “to tick a compliance box”, sometimes “to reduce security risk” and sometimes “to achieve compliance and reduce risk, of course”....
by ThinkCyber | Jul 3, 2019 | Articles
In part two of this series of blogs reporting on our research project to “Reimagine Security Awareness” we feedback on what users told us would make them engage with security awareness training. Whereas part 1 covered the “do nots”, part 2 covers the “do dos”. We can...
by ThinkCyber | Jun 14, 2019 | Articles
Mention the phrase “mandatory training” to almost any employee and they will likely roll their eyes in despair. But security awareness must be part of the cyber defence strategy in any organisation. Truly engaging your employees is a critical element of this strategy....
