Recent Posts

Recent Blog Posts

The PhishLabs Blog

Dane Boyd

Dane Boyd is the Lead Solution Manager for PhishLabs T2 Employee Defense Training solution. Prior to joining PhishLabs, Dane was the principal consultant on the SecureWorks Security Awareness Training team.

Recent Posts

Using Reported Phish to Hunt Threats

Posted by Dane Boyd on Jul 10, '18

Reported phishing emails are useful for plenty of reasons.

Read More

Topics: Phishing, Threat Analysis, Phishing Incident Response

How To Change Security Behaviors: Information Security

Posted by Dane Boyd on Jun 28, '18

Let’s be honest, employees make mistakes. And sometimes those mistakes have catastrophic consequences.

Read More

Topics: security awareness training

How To Change Security Behaviors: Mobile Security

Posted by Dane Boyd on Jun 13, '18

Let’s be honest, security has never been simple.

Read More

Topics: Mobile

6 Steps to Quickly Defang Reported Phishing Emails

Posted by Dane Boyd on May 3, '18

So here it is… the first one you’ve received. Everything has been building up to this.

You spent days preparing the business case, weeks designing the training program… and it’s finally paid off.

The first user-reported phishing email has hit your inbox.

Read More

Topics: Threat Analysis, Employee Defense Training

Security Awareness Training and How it Impacts Reported Suspicious Emails

Posted by Dane Boyd on Apr 19, '18

It should not be a surprise, but 95 percent of breaches come through phishing attacks. Nothing more than a simple lure email lands in one of your users inboxes, they click it, and everything unravels from there.

Read More

Topics: security awareness training, Phish, Threat Monitor

How To Fight the War Against Phishing

Posted by Dane Boyd on Feb 20, '18

Making the move from the typical security awareness training approach to a powerful anti-phishing program isn’t an easy sell.

Executive boards are used to basic training programs with boring annual sessions, and (let’s be honest) minimal results… with correspondingly tiny budget approvals. So when they finally do agree to a more in-depth program, there’s a tendency to expect results overnight.

The trouble is, training users to spot and report phishing emails isn’t an overnight fix. And trying to realize dramatic results in a short timescale is a surefire way to hamstring your program.

Read More

Topics: Phishing, Employee Defense Training

How To Make Reporting a Phish So Easy Even Your Busiest Execs Will Do It

Posted by Dane Boyd on Feb 13, '18

bigstock-blueprints-and-planning-80666213.jpgFrustrating, isn’t it? 

You design a powerful anti-phishing program, secure funding from your executive board, provide world-class training. You do everything right…

Oh, your users are probably spotting phishing emails. After all, they’ve engaged with the training, and seem to be taking it seriously.

But no matter how many times you remind them, they just won’t report those phishing emails.

Read More

Topics: Spear Phishing Protection, Employee Defense Training

7 Reasons Why Spotting a Phishing Email is Just the Beginning

Posted by Dane Boyd on Feb 6, '18

bigstock-Portrait-Of-Businessman-With-C-80860418.jpgIn most organizations, a user who can identify and delete phishing emails is considered a huge asset.

And, let’s be honest, they’re certainly a big step in the right direction. Users who can't spot a simple phishing email can easily jeopardize the security of an entire organization, even with a comprehensive set of technical security controls in place.

But in our eyes, there’s still a long way for these users to go. Deleted phish are better than clicked phish, but they shouldn’t be the end goal.

Read More

Topics: Phishing, Employee Defense Training, security awareness training

Why Failure Isn’t the Enemy in the Fight Against Phishing

Posted by Dane Boyd on Jan 29, '18

bigstock-Virus-Detection-92802713-1.jpgTraining users to identify and report phishing emails is far from an overnight fix.

It takes time, persistence, and engagement to make a meaningful impact on user email behaviors.

But you already knew that, didn’t you? In fact, you probably already have a program in place to help users identify potentially malicious emails.

Read More

Topics: Employee Defense Training, security awareness training

Getting Past Gotcha: Reframing Anti-Phishing Training

Posted by Dane Boyd on Jan 9, '18

If you’ve been following our blog for a while, you’ll already be aware of our stance on anti-phishing training.

Experience has taught us that the only way to reliably improve a user’s ability to spot and report phishing emails is to test them in the real world. To put it another way, they need to see realistic phishing emails in their inbox on a regular basis… and you need to put them there.

It’s tempting (oh so tempting…) to treat this as a gotcha exercise.

Read More

Topics: Phishing, Phishing Simulation, security awareness training

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Posts by Topic

see all