Linked: Large-scale phishing study shows who bites the bait more often
|

Linked: Large-scale phishing study shows who bites the bait more often

They had some interesting findings on gender (doesn’t matter) and age (young and older employees seemed more likely), but this is one that I think impacts a lot of what we do when it comes to protecting against phishing:

“An interesting finding in the ETH study is that employees who are continuously exposed to phishing eventually fall for it, as 32.1% of the study participants clicked on at least one dangerous link or attachment.”

Shared Links (weekly) Dec. 5, 2021

Shared Links (weekly) Dec. 5, 2021

Shared Links (weekly) Nov. 21, 2021

Shared Links (weekly) Nov. 21, 2021

Linked: When Workplace Mindfulness Training Is Worse Than Nothing
| |

Linked: When Workplace Mindfulness Training Is Worse Than Nothing

We’ve seen the memes. The ones about the law firm offering a lunch hour yoga class to overworked, stressed, associates who haven’t had time to even take a lunch break in months. Or the “reward” for months of 70-80 hour work weeks is free pizza. It just makes people angry because it’s a token that does nothing to actually recognize the work involved, or correct the problems that created this mess to start with.

Workplace stress, anxiety, and other mental health issues are not just something a little mindfulness can fix. Workers are waking up to the fact that it’s the company culture that is contributing to this. Offering a way for employees to help “fix” themselves might seem like a nice thing, and in many ways it is, but doing it while not making any effort to recognize the contributions managers and corporate culture make to the problem, along with a commitment to make changes, is the very definition of “too little”.

Linked: You know how to identify phishing emails – a cybersecurity researcher explains how to trust your instincts to foil the attacks
|

Linked: You know how to identify phishing emails – a cybersecurity researcher explains how to trust your instincts to foil the attacks

And so, I wonder if those yearly, semi-annual, quarterly, video training would be a lot more effective if we also shared specific examples of people who got phished, and how they fell for it?

Like most things in life, it’s one thing to hypothetically know that something could happen, but it’s quite another to know that it did happen to someone we know. Someone just like us. That makes it so much more real in our minds, and it appears to make a huge difference in how users might approach phishing attempts.

Shared Links (weekly) October 24, 2021

Shared Links (weekly) October 24, 2021