Wombat Security is a leader in security awareness and training. Our blog covers the latest cyber security news, insights, and best practices. We arm infosec professionals with the knowledge and tools they need to improve end-user behaviors and reduce organizational risk.

Keys to Success

RBS Security Awareness Manager Shares Lessons Learned at Wombat Wisdom

Posted by Gretel Egan on Sep 19, 2017 11:57:44 AM

At our third annual Wombat Wisdom Conference last week in Pittsburgh, PA, attendees had the opportunity to hear from keynote speaker Lesley Marjoribanks, Security Awareness Manager at the Royal Bank of Scotland. She shared some valuable lessons learned in the planning and rollout of the security awareness training initiatives delivered to RBS end users. In the event that you were unable to join us, here are some of the pieces of advice she had to offer:

Read More »

Carrot vs. Stick: Determining the Best Path for Your Program

Posted by Gretel Egan on Sep 6, 2017 1:24:06 PM

We know it and you know it: Dealing with end-user mistakes is costly. From employee downtime, to remediation costs, to the potential spread of malware or ransomware, to IP and confidential data walking out the door, there are real dollars tied to cybersecurity errors. Employees who make those mistakes genuinely impact your business’s bottom line. And if they do it more than once...well, that just compounds the problem.

Read More »

Social Media Hauntings: Students and Job Seekers Beware

Posted by Gretel Egan on Aug 30, 2017 12:50:54 PM

When I was a kid, there was a lot of collective fear among my fellow students at the idea of infractions going on a “permanent record.” This nebulous threat from parents, teachers, and administrators had many of us thinking — and fretting — about the types of behaviors and activities that could potentially be tied to us for eternity. (We were easily fooled. What can I say?)

Back in the olden days (i.e., the pre-internet years), we worried about the ramifications of an essentially baseless behavior log that we never actually saw with our own eyes. Interestingly, today’s most frightening form of a permanent record is the one that kids and adults alike are creating for themselves on social media. Unfortunately, bad decisions shared on these forums can haunt users for years to come.

Read More »

Security Awareness Training: Why ‘Us vs Them’ Is a Lose-Lose Situation

Posted by Gretel Egan on Aug 24, 2017 3:39:31 PM

Good idea: Applying gamification techniques to your security awareness training program. This type of lighthearted, healthy competition between departments can help engage participants and leave employees feeling empowered and rewarded.

Bad idea:  Approaching your security awareness training program with a ‘you vs. the end users’ mentality. This mindset can breed resentment and distrust — on both sides — and undermine your efforts to build a more secure culture.

Read More »

Scrap Learning: Why All Security Awareness Training is Not Equally Effective

Posted by Kym Harper on Aug 16, 2017 9:54:47 AM

While end-user training for secure behaviors has experienced an uptick in interest and legitimacy versus technical-only solutions among CISOs in recent years, not all security awareness training is created equal.

Read More »