Phishing awareness
Today marks the end of a long but successful week. We've been slogging away at the phishing awareness topic for October's module, picking out the key issues, coming up with the awareness messages and figuring out the stories to tell.
Despite technology being such a small part of phishing, it plays an important part that we can't just ignore. Multi-Factor Authentication, for example, is increasingly being used by organizations that care about identification and authentication, so workers are quite likely to have at least heard of it, even if they are not actually using it as yet. Explaining what MFA is would set them up to appreciate what it means when they are offered or required to accept it.
At the same time, MFA is not a universal or ultimate solution. Managers and professionals should appreciate that there are pros and cons to implementing MFA, and lots of choices in exactly what form of MFA the organization might adopt ... but explaining all that in detail would divert or distract attention from phishing, the main subject.
Fortunately, we don't need to delve too deep. The rolling monthly sequence of topics means we can pick up on MFA and other aspects another time, without feeling guilty about just skimming over in October.
By the same token, although we haven't delivered an awareness and training module purely on phishing for some time (too long really), we have mentioned/skimmed it repeatedly, several times a year in fact, in the course of covering other topics such as email security, Internet security, malware, social engineering and fraud.
That's enough for now. Time for a break, re-girding our loins prior to finalizing and polishing October's materials next week.
Which reminds me, why are loins girded anyway? What's that all about, Google?