The Best End User Security Awareness Programs Aren’t About Awareness Anymore
The goal is to apply psychology principles to security training to change behaviors and security outcomes.
Security awareness covers how people recognize and avoid phishing, social engineering, unsafe practices, and other causes of cybersecurity incidents.
Search across headline titles and summaries.
Background for this topic.
Security awareness is the ability of people in an organization to recognize security risks and make safer decisions when using systems, handling information, or communicating. It covers practical behavior such as checking unexpected login requests, protecting credentials, verifying payment or access changes through trusted channels, limiting sensitive data exposure, and reporting suspected phishing or social engineering promptly. Awareness is not a guarantee that users will avoid every mistake; it reduces risk when guidance is relevant to people’s roles and workflows.
Security practitioners assess awareness through targeted education, realistic exercises, clear reporting paths, and measures such as reporting quality and time to escalation—not merely course completion. News under this tag may therefore concern phishing and impersonation campaigns, unsafe handling of personal or confidential data, policy changes, or lessons from incidents involving human decisions. Effective programs should reinforce technical controls such as multifactor authentication and least privilege, while avoiding blame: users need simple procedures for verifying requests, reporting errors, and obtaining help before a mistake becomes an intrusion.
Weekly headline count for the current query.
The goal is to apply psychology principles to security training to change behaviors and security outcomes.
Against the backdrop of the artificial intelligence surge, most African organizations have some form of cybersecurity awareness training but fail to test frequently and don't trust the results.
Not only are attacks against macOS users ramping up, but threat actors have proven to be advanced with deepfake technology. Security awareness training may be the best defense.
Investing in building a human-centric defense involves a combination of adaptive security awareness training, a vigilant and skeptical culture, and the deployment of layered technical controls.
Thoughtfully applied, humor breaks through security fatigue, increases engagement, and fosters a culture of security awareness.
By committing to build secure habits at work and in our personal lives, and to helping others do the same, our personal information will be much better protected.
Vulnerability CVE-2024-23204, affecting Apple's popular Shortcuts app, suggests a critical need for ongoing security awareness in the macOS and iOS ecosystem.
Security should not be treated as one-size-fits all, and that is doubly true when it comes to security awareness education. Training should be customized by age, learning styles, and preferred media if it is to be effective.
Enterprise security goes beyond tech leadership, and beyond the CISO's office. Achieving cybersecurity and resilience is a team effort, and requires building a culture of security awareness.
Stay away from using these tactics when trying to educate employees about risk.
Stay away from using these tactics when trying to educate employees about risk.
Avoid making these mistakes when crafting a security awareness strategy at your organization.
Try these tricks for devising an education program that gets employees invested — and stays with them after the training is over.
Try these tricks for devising an education program that gets employees invested — and stays with them after the training is over.
Most companies offer some kind of awareness training these days. But how much of those lessons are employees actually retaining?
Leverage the human layer as a crucial cog in building cyber resilience within the organization.
To properly secure DNS infrastructure, organizations need strong security hygiene around DNS infrastructure and records management as well as closely monitoring and filtering DNS traffic.
Jelle Wieringa analyzes the differences between HDR and security awareness training and how HDR addresses the security layer of human risk management.