Calling all writers and speakers who are passionate about security awareness and security management (ScottWright) posted Thu May 10th 2012 @ 1:19 PM
I often receive very encouraging personal comments from members of the Streetwise Security Zone who enjoy the content I share here. I have found that writing content for a blog, and creating audio presentations such as podcasts can be a great way to improve your confidence. It also tends to make you more recognizable within your community and your industry. Read More »
Don't bank on getting your money back if you're fooled online (ScottWright) posted Tue May 1st 2012 @ 10:40 AM
Whether you agree with the decision or not, the decision by German courts this week should make you think twice about how you respond to emails you get from banks, and possibly any unsolicited email from businesses. Read More »
Live security awareness webinars are a fast and affordable way to train staff on security awareness (ScottWright) posted Wed April 25th 2012 @ 8:38 AM
This is just a short note to let you know that I am offering a live security awareness webinar to educate business staff on how to work securely with corporate information assets. Getting staff to recognize the impact of their everyday decisions on the bottom line of an organization is becoming an important challenge for managers and executives. This program is a cost-effective way to address many compliance and risk management requirements.
So, please pass this note on to the managers in your organization who are responsible for security and training. Here's a link (click HERE) with information on my upcoming Streetwise Security Awareness Webinar for General Employees on May 3 at 10:00am ET. This page includes an introductory promo code for the May 3 event to save 20% off the $100 per student price. Pricing and delivery options are also available to train your entire organization efficiently and affordably in a short timeframe. Contact me for a whitepaper written by one of my webinar clients who trained 600 staff in a period of one week. Note: There is a limit of 25 students for this session. Read More »
It’s time for C level executives to get involved with security awareness training and education (ScottWright) posted Mon April 16th 2012 @ 12:00 AM
Speaking with a client’s senior security manager recently, I learned a subtle but important point about how corporate attitudes toward security awareness have changed in the past year. Decisions about putting enterprise security awareness in place are moving up to the top levels. “Security awareness is HOT at the C Levels now…”, the manager said to me. “A year ago, I was the one who was under pressure to put a security awareness program in place. Now, that pressure is at the CIO, CSO, CISO and CEO level.”
The reason for this shift has a lot to do with the frequency and types of security threats that are facing enterprises now. It’s just so easy for an attacker to gain a foothold in a company with a simple phishing email or drive-by download that it’s absolutely critical that everyone in the organization be made to focus attention on security, and how their jobs are potentially affected by it. Read More »
How NOT to be SAFE on the INTERNET [Poster] (ScottWright) posted Sat March 24th 2012 @ 7:08 PM
Over the past year or so, I've found that fun, off-the-wall content seems to be one of the most effective ways to engage employees in thinking about how to work securely. So, I'm spending more time developing new ideas into Web-based training packages, games and presentations. I have lots of ideas for things that could be done to make a corporate security awareness program effective, easy to manage and affordable. Read More »
Gaining some momentum in teaching the world about smartphone risks (ScottWright) posted Fri March 9th 2012 @ 12:35 AM
If you happened to see my Honey Stick blog posts recently, you probably already know I've been getting some very high level publicity around the most recent study I was commissioned to do for Symantec. We dropped 50 smartphones in Ottawa, Los Angeles, New York, Washington D.C., and the Bay Area to see what people would do with unprotected phones that had simulated business and personal apps on them.
The results might surprise you. The initial story was published today on NBC's Today Show and today's issue of Business Week, followed shortly by Canada's CTV news and soon to be other news outlets. It's been a crazy day. Read More »
Scott Wright on the NBC Today Show? (ScottWright) posted Wed March 7th 2012 @ 7:39 AM
Honey Stick Project Phase 2 mobile threat data will be published in a big way on March 8, 2012.
It's hard to believe - a bit surreal, actually. I have been told to expect that NBC will be airing a segment on the key findings of the Honey Stick Project - Phase 2. Hopefully, we can answer some interesting questions around today's human threats to lost mobile devices. Read More »
Using fun and games to engage employees for security awareness (ScottWright) posted Fri October 7th 2011 @ 8:02 AM
For those of you who may have just realized that October - National Cyber Security Awareness Month (NCAM) - is upon us, or just passed us by, and are looking for a quick way to engage and educate staff on security awareness issues, I may have just what you need.
I have just created an Intranet-based security quiz game, currently called “The IT InSecurity Challenge Game”. The format might look familiar to anyone who has watched TV game shows.
It may seem sacrilegious to put something as serious as Information Security into a context of casual fun, but from my experience, this is an effective tool.
Please watch the short video above and let me know what you think. Read More »
75 percent of enterprise employees may click on phishing links (ScottWright) posted Fri April 8th 2011 @ 7:31 AM
The article in the link below from Threatpost.com contains a great interview with an email phishing expert, which all managers should read. In tests run on some organizations, typically 75% of employees fall for phishing links. The Threatpost article explains how attackers are preying on employees' potential sense of curiosity, fear and shame. For example, some phishing attacks include a fake Facebook email notice that claims the recipient has had a negative comment on one of their personal Facebook photos or posts, or that the recipient has been tagged in a photo. This is a sure way to prompt people's emotions to override their normal spam-filtering attitude. The way these messages are crafted tends to put people on the defensive, and they want to see what people have said, in hopes of taking action. Read More »
Can enterprises use private social media tools for secure collaboration internally? (ScottWright) posted Thu February 10th 2011 @ 7:10 AM
We know that many organizations are using open source Wiki software and platforms (e.g. MediaWiki) to do collaboration internally without exposing their systems to 600 million other users. But are there any other tools that enterprises can use to mimic the real-time connectivity of social networking sites like Facebook internally? Read More »