Category Archives: Uncategorized

Training with images & videos? Yes, but good ones!

To improve our security and efficiency, we need well-trained people. It doesn’t have to be everything, but it should be enough to make their lives easier and/or safer. One of the difficulties nowadays is catching people’s attention, even at the office. Forget about long documents—maybe even short ones. When we, as people, want to learn something, we will probably turn to YouTube in the first place. Short educational videos and micro-learning aren’t just buzzwords; they are the current trend in self-education. So, why don’t we embrace the trend?

Let’s take just one example. What will create a better learning context: a cheat sheet with some Microsoft Windows shortcuts or this 47s video created by GUI ESP?

It’s clear, short, aesthetically pleasant, and likely more memorable than a list of keyboard shortcuts.

As another example, we designed a simple communication to remind our customers about this simple yet important behavior: locking your computer when you leave it unattended. We based communication on a simple gesture: hitting the Windows and L keys when you stand up (many people don’t know how easy it is to lock a computer, so they don’t do it systematically). Our main focus here is to teach them how to do it. As the key combination is the first thing you read and we associate it with the words “lock” and “leave,” we create a way to remember the key combination (a mnemotechnic) and when to perform it.

So, as always, think about KISSS (Keep It Simple, Stupid and Seductive) and aim at small and precise behaviour changes.

The Consumer Authentication Strength Maturity Model (CASMM)

A few days ago, Daniel Miessler updated the Consumer Authentication Strength Maturity Model (CASMM) to the version 6.

It is a great #visualization of consumers’ password maturity.

While we are sometimes still struggling with people using shared password or bad quality passwords, it will help show the path to more secure behaviours.

Also, it might create an anchoring effect and move the perceived norm for authentication to a higher level of maturity.

You can find the latest version of the CASMM on Daniel’s website:

Security Awareness Series from NCSA

In 2019, Adobe, the US National Cyber Security Alliance, and Speechless have partnered to bring you a series of security awareness videos. The plan is to release one video every other month starting November 2019. A total of eight videos have been released. 

Episode 1: Passwords
Episode 2: Data Handling
Episode 3: Compter Theft
Episode 4: Phishing and Ransomware
Episode 5: Removable Media
Episode 6: Vishing
Episode 7: Internet Downloads
Episode 8: Wi-Fi