Meet the Cyber Security Awareness Team: Dane

DaneIn our ongoing contributions to Cyber Security Awareness Month today we’re launching a two-part series designed to introduce you to some of our team.

For those who have been fortunate (unfortunate) enough to be on the receiving end of one of our phishing simulations, interacted with our microlearning modules, or training materials, you likely are unaware of some of the minds behind them. 

That’s why we’ve put together some brief interviews so that you can become more acquainted with people that power our security awareness training programs.

Well, that’s at least what we told them. In this week’s special Let’s Make a Phish video we’re reintroducing you to our senior training manager, Dane. Along with some insight into his contributions to our security awareness training program, we gave him some questions that threat actors would love to gain access to in order to develop targeted phishing emails. Oops. Fortunately for Dane most of his answers wouldn’t be very helpful for a threat actor. Purposeful, genius, or does he just really love Taco Bell?

Common Security Questions

  1. Favorite college team?
  2. Best place to get food around town?
  3. Where are you originally from?
  4. Favorite vacation spot?
  5. Dog or cat person, and why?
  6. Favorite Book?

Do these all sound familiar? Of course they do! Many online accounts allow users to reset their password or gain access to their accounts by using one or a combination of security questions. In today’s ever-expanding digital footprint we often freely give out this information on social media, blogs, and unfortunately in the endless amount of data breaches that users can’t control.

While we did attempt to trick Dane, he fortunately gave us vague enough answers in a way that the information isn’t likely to be used against him for phishing attacks. However, that is simply not the case for most users.

The solution? Train users to use imaginary answers as keys to this, so regardless of a data breach or tweeting, a threat actor can’t use that against your users. Incidentally Dane did a pretty good job of sharing similar example types.

Article Link: