The PhishLabs Blog

How To Avoid Becoming the Next Big Phishing Headline

Posted by Lindsey Havens on Feb 10, '17

After years of research, analysis, and first-hand experience, here's what we’ve learned:

Phishing is a big deal.

Last month we held a webinar, with the aim of helping organizations to fight back against phishing. Hosted by Crane Hassold, our Senior Security Threat Researcher & former FBI analyst, and Dane Boyd, our Lead Solution Manager, this was one of the most comprehensive and entertaining webinars that we have hosted on phishing and security awareness training.

In this article we’ll give you the highlights of the webinar, and help you understand why and how your organization should combat phishing attacks.

Read More

Topics: Phishing, security awareness training, EDT

How To Be HIPAA Compliant (And Why It’s Not Enough)

Posted by Lindsey Havens on Feb 2, '17

The healthcare industry, like most others, is obsessed with compliance.

And that makes sense. After all, fines for HIPAA non-compliance are at an all time high, so who wouldn’t make it a top priority?

But as we already know, compliance doesn’t equal security. Thousands of HIPAA compliant healthcare organizations are breached every year, and unless the framework is dramatically tightened in the near future the same will be true in 2017.

Read More

Topics: security awareness training, Healthcare

Building Powerful Security Awareness Training for the Healthcare Industry

Posted by Lindsey Havens on Jan 27, '17

Over the past couple of weeks, we’ve written a lot about the current state of security in the healthcare industry, and why things need to change.

We’ve also covered the main causes of healthcare data breaches, and noted that powerful security awareness training is the most natural starting point for security conscious healthcare organization.

But so far, we haven’t really covered what should be included in a healthcare specific security awareness training program. After all, while some aspects of security are relevant to every industry, healthcare organizations are faced with a few highly specific problems that need to be addressed.

Before we consider what should be included, though, it’s worth looking at things from another perspective.

Read More

Topics: Phishing, security awareness training, EDT, Healthcare

Anatomy of a Healthcare Data Breach

Posted by Lindsey Havens on Jan 19, '17

Healthcare data breaches are becoming an almost daily occurrence.

Last year, the  volume and scale of healthcare data breaches increased more than ever before. In August of 2016, Advocate Health Care, a network of 12 hospitals and over 200 other treatment centers, was hit with a $5.5 million settlement over a series of three data breaches back in 2013.

So what’s going wrong? If you’ve been following this series so far, you’ll know an unprecedented number of threat actors are now targeting the healthcare industry… but how are all these breaches actually happening?

Read More

Topics: security awareness training, EDT, Healthcare

The Uphill Battle of the Healthcare CISO

Posted by Lindsey Havens on Jan 12, '17

Let’s face it, being a healthcare CISO isn’t an easy job. The environments are complex, the staff are almost exclusively non-technical, and as of 2015 healthcare is officially the most attacked industry.

But what is it about healthcare that makes it so uniquely difficult to secure? If gambling websites and financial institutions can (for the most part) avoid major breaches, why can’t hospitals and private clinics?

Read More

Topics: Phishing, security awareness training, Healthcare

Why Security Awareness Training Should Be Your Easiest Investment Decision

Posted by Lindsey Havens on Dec 21, '16

On the face of it, there’s really only one reason to invest in security awareness training: To avoid breaches, and save money. In reality there’s a bit more to it than that, but let’s stick with this assumption for now.

Read More

Topics: Phishing, security awareness training

How to Build a Business Case for Powerful Security Awareness Training

Posted by Lindsey Havens on Nov 29, '16

You're probably thinking security awareness training for employees is a no-brainer, that you shouldn't have to sell the idea up the ranks. However, with several other technology controls in place for securing your organization, you may be faced with a surprising "what's this...is this really necessary" when you slide that line item into next year's budget. 

So you re-consider what you have budgeted and entertain a once-a-year, check-the-box option to satisfy compliance needs. But how much will your organization benefit from this status-quo approach? 

Getting signoff for a security awareness training program that actually works can be much harder.

But it doesn’t have to be. With a little research and a few calculations, you can produce a business case for security awareness training that holds up even under purely financial scrutiny.

Here’s how.  

Read More

Topics: Phishing, Employee Defense Training, security awareness training

How to Calculate ROI for Security Awareness Training

Posted by Jenny Dowd on Nov 22, '16

Frustrating, isn’t it?

You put all that effort into designing a security awareness training program… 

But is it helping keep your organization safe? Or is it just satisfying your compliance requirements?

The truth is you have no idea. After all, how can you measure return on investment (ROI) for something intangible like security awareness training?

Read More

Topics: Phishing, Spear Phishing, security awareness training

How and Why You Should Calculate Your Organization's Cost of Phishing

Posted by Jenny Dowd on Nov 15, '16

Everybody knows phishing is costly to their organization. 

But how costly? Few organizations know for sure.

Plenty of studies have claimed to calculate the cost of phishing, but the results are usually hard to swallow. For instance, does phishing cost your organization $1.6 million per incident? Or $3.7 million per year?

Perhaps... but probably not.

The issue with these figures is that they're averages, heavily skewed by data from huge organizations. The results may be interesting, but they're of little use to most organizations.

Read More

Topics: Phishing, Spear Phishing, security awareness training, cost of phishing

Why Your Security Awareness Training Isn't up to Par (And What to Do About It)

Posted by Jenny Dowd on Nov 10, '16

Most security awareness training is boring, infrequent, and ineffective. And the worse part is… everybody knows it.

But why? How did we get to this point? And who does all this sub-par security awareness training benefit?

To answer these questions we’ll need to examine one of the main drivers: Compliance.

Read More

Topics: Phishing, Spear Phishing, security awareness training

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Upcoming Events

Calendar_Mock_