The PhishLabs Blog

Dane Boyd

Dane Boyd is the Lead Solution Manager for PhishLabs T2 Employee Defense Training solution. Prior to joining PhishLabs, Dane was the principal consultant on the SecureWorks Security Awareness Training team.

Recent Posts

The Phishing Email that Fooled Thousands of Trained Users

Posted by Dane Boyd on Mar 9, '17

It’s a sobering moment.

You work long and hard to prepare your users. You train them. You test them. And over time, you see amazing results.

But then it happens.

Just when you think your users are becoming rockstars at identifying phishing emails, threat actors throw a new tactic at you… and everybody falls for it.


Topics: security awareness training, EDT

How to Strengthen Your Human Firewall

Posted by Dane Boyd on Sep 20, '16

When it comes to security, it pays to be completely honest with yourself. After all, you may be able to hide weaknesses in your network from yourself, but that won’t stop threat actors from finding them.

If you are totally honest with yourself, you’ll realize there’s no way to completely shield your users from attacks.

You can tighten your spam filter, keep a watchful eye on user permissions, and buy in the best endpoint security package you can afford… but still, some attacks will make it through. And if your users are like most people, right now they aren’t even close to being ready to cope with that. We explored this previously in Why Some Phishing Emails Will Always Get Through Your Spam Filter.

We believe people can be the last line of your network defense – and do a damn good job of it – but first they have to be trained.

Here are a few ideas to get you started.


Topics: Phishing, Spear Phishing, security awareness training

Why Some Phishing Emails Will Always Get Through Your Spam Filter

Posted by Dane Boyd on Sep 15, '16

Frustrating, isn’t it?

It seems like no matter what you do, a few phishing emails always find their way into your users’ inboxes. You’ve tweaked your spam filter, and you’re scanning every attachment… But nothing seems to work.

Is it you? Are you making some glaring mistake?

Probably not. We've discussed before why your users keep falling for phishing scams, and there's more to it.

The fact is that no matter how good your security is, a small percentage of phishing emails will always reach your users’ inboxes.


Topics: Phishing, Spear Phishing, security awareness training

Hitting Back Against Security Awareness Training Nay Sayers

Posted by Dane Boyd on Sep 13, '16

There’s a lot of talk in the security industry about the effectiveness of security awareness training for employees. Some highly respected members of the community have repeatedly asserted that it’s a total waste of money, and this sentiment seems to have picked up some momentum in recent years. 

In our last post we discussed human vulnerability in Why Your Users Keep Falling for Phishing Scams. People generally assume anything that makes its way into their inbox is a legitimate attempt to contact them. Just because security professionals see a shady email and think ‘phishing’, doesn’t mean everybody else does, too.

The argument against security awareness training goes that since normal users have no responsibility for network security, and they don’t understand the implications of their actions, it should be down to IT to create an environment in which users can’t harm the organization.

But we disagree.

The fact is that while that is a good target to aim for, it isn’t possible right now, and probably never will be.


Topics: Employee Defense Training, security awareness training

Why Your Users Keep Falling for Phishing Scams

Posted by Dane Boyd on Sep 7, '16

We’ve all been there. That awful moment, when you realize it’s happened again.

“Why do they never learn?” you ask yourself. “It really isn’t that hard!”

Time and time again, your users click on malicious links and attachments in phishing emails, and it seems like no matter what you do to improve their awareness, it never gets any better.

So why do they keep falling for phishing scams? Is it just complacency? Or something more?


Topics: Phishing, Spear Phishing, Employee Defense Training, security awareness training

Top Five Phishing Awareness Training Fails

Posted by Dane Boyd on Jun 30, '16

Phishing awareness training is an essential security function. But while it may seem straightforward, training employees to spot phishing attacks is no simple task. Done poorly, phishing awareness training can be counterproductive and leave your organization more vulnerable instead of more secure.

Here are 5 common pitfalls to avoid when training your users to spot and report phishing attacks.


Topics: Employee Defense Training, security awareness training

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
