Welcome to the SecAware blog

I spy with my beady eye ...

28 Sept 2018

NBlog Sept 28 - phishing awareness module imminent

Things are falling rapidly into place as the delivery deadline for October's NoticeBored awareness module on phishing looms large.

Three cool awareness poster graphics are in from the art department, and three awareness seminars are about done. 

The seminar slides and speaker notes, in turn, form the basis for accompanying awareness briefings for staff, managers and professionals, respectively.  

We also have two 'scam alert' one-pagers, plus the usual set of supporting collateral all coming along nicely - a train-the-trainer guide on how to get the best out of the new batch of materials, an awareness challenge/quiz, an extensive glossary (with a few new phishing-related terms added this month), an updated policy template, Internal Controls Questionnaire (IT audit checklist), board agenda, phishing maturity metric, and newsletter.  Lots on the go and several gaps to be plugged yet.

Today we're ploughing on, full speed ahead thanks to copious fresh coffee and Guy Garvey singing "It's all gonna be magnificent" on the office sound system to encourage us rapidly towards the end of another month's furrow.  So inspirational!  

We've drawn from at least five phishing-related reports and countless Internet sources, stitching together a patchwork of data, analysis and advice in a more coherent form that makes sense to our three audience groups. I rely on a plain text file of notes, mostly quotable paragraphs and URLs for the sources since we always credit our sources. There are so many aspects to phishing that I'd be lost without my notes!  As it is, I have a headfull of stuff on the go so I press ahead with the remaining writing or I'll either lose the plot completely or burst!

For most organizations, security awareness and training is just another thing on a long to-do list with limited resources and many competing priorities, whereas we have the benefit of our well-practiced production methods and team, and the luxury of being able to concentrate on the single topic at hand. We do have other things going on, not least running the business, feeding the animals and blogging. But today is when the next module falls neatly into place, ready to deliver and then pause briefly for breath before the next one. Our lovely customers, meanwhile, are busy running their businesses and rounding-off their awareness and training activities on 'outsider threats', September's topic. As those awareness messages sink in, October's fresh topic and new NoticeBored module will boost energy and take things up another notch, a step closer to the corporate security culture that generates genuine business returns from all this effort.

No comments:

Post a Comment