It’s 2018 and there are still morons

I've written about email-based fraud before. I cover it in every talk I give. It's in our 20-minute guide to cyber-security. It's in our October newsletter. It's made the mainstream news. But whether you call it spear-phishing, whaling or "business email compromise" it seems that all the training in the world just can't help some … Continue reading It’s 2018 and there are still morons →

Let’s talk about staff, bay-bee

Let’s talk about you and me, and all the good things and the bad things that may be. Once you start thinking about cyber-security, you tend to focus on the external threat – the $450bn cyber-crime industry that is very definitely out to get you. They often succeed, too, and sometimes the cost is very … Continue reading Let’s talk about staff, bay-bee →

6 rules to avoid disaster: a practical guide to phishing and spear-phishing

A chain is only as strong as its weakest link. Are you that link? Hackers don’t come in through the firewall. They come in, most of the time, through a much easier route: the staff. How? By exploiting basic psychology, and being prepared to do a little research. The easiest way to get someone’s password … Continue reading 6 rules to avoid disaster: a practical guide to phishing and spear-phishing →

Why security awareness training is more important than firewall upgrades

Most people’s image of cyber-crime comes from the media. A slovenly teenager sits in a darkened room, typing frantically in front of a bank of screens. Cut to shirtsleeved workers, typing in equally frantic defence in front of their screens. At some point the hacker is “through the firewall” and has complete control. Shortly afterwards … Continue reading Why security awareness training is more important than firewall upgrades →