Human factor How to stop bad habits getting in the way of security

We’re all creatures of habit. Often, this is to our advantage, as a good habit helps us remember to perform …

Trust Keil Hubert on managing human instinct in security

Imagine that you’re attending an industry conference. The organiser chose a casino with an attached conference centre for the event. …

Behaviour Why do we refuse to abandon security processes that don’t work?

Why do we refuse to abandon ideas, equipment, and processes that have proven themselves to be inadequate? It’s rarely because …

Security awareness Who should deliver your security awareness message?

Effective security awareness depends on establishing credibility with your users. This motivates some small awareness shops to employ a high-prestige …

People A guide to helping people overcome “cyber attack fatigue”

The more that we warn people about threats that don’t manifest in their personal lives, the more likely people become …

Behaviour A guide to recognising our biases and overcoming them

Our brains can be our own worst enemy when it comes to following security controls. It’s not that we don’t …

People Why “old” skills still have practical value for cyber security

It’s easy to feel overwhelmed by the madcap pace of change in technology. Sometimes it might feel like all our …

People Want to improve your security? Understand the cognitive bias behind decision-making

People like to believe they’re perfectly rational beings. It can be a shock to learn that we’re not. It’s critical …

Phishing A guide to phishing emails and how they work

The most efficient phishing attacks are precisely crafted messages that use our known psychological attributes against us, stimulating us to …

Training Cyber security through storytelling: which approach will motivate your users?

Oh no! The users have learned about a terrible new cyber threat and want immediate guidance! What do you do? …

Information Security A practical guide to busting the “perfect security” myth

There’s no such thing as “perfect security” just like there’s no such thing as a “real” unicorn. Most people have …

Information Security Security training: why one approach is not going to work

Security training isn’t a one-to-one analogue for technical skills instruction, especially when you’re training non-technical people. Security trainers need to …