Cybersecurity Education

Read articles about security awareness, risk management, behavior change, and more

Categories:

Resource Hub

Research

Stories

News

Education

Featured Article

What is Quishing? Ultimate QR Code Phishing Prevention Guide

How quishing is being used in attacks, what these threats look like in the wild and best practices for avoiding them.

Read the article

Topics:

8 Social Engineering Defense Strategies (with Dr. Jessica Barker)

Stop deepfake, smishing & vishing scams with 8 proven tactics: Feel→Slow→Verify→Act, no approvals in live calls, out-of-band callbacks, and a reporting culture.

The art and chaos of starting a new leadership position

Fantasy football can teach us how to learn stop worrying and love the art and chaos of starting a new leadership position.

Why the Wall Street Journal got it wrong: Phishing simulations work when done right

Recent research published in the wall street was correct: bad phishing simulations produce bad results. So what now?

CISO Fantasy Phish Bowl 2025: Week 1. Game on!

The CISO Fantasy Phish Bowl 2025 brings together some old friends and new joiners. There's one heavy absence: Shawn Bowen, to whom this year's Phish Bowl is dedicated. Here's to you, Shawn!

Phishing Simulation Best Practices: 2025 Playbook

Phishing simulation best practices with real case results from Bird & Bird - ethical lures, instant feedback, and KPIs that drive reporting.

Best Phishing Simulation Tools for Enterprises (2025 Edition)

Best phishing simulation tools for enterprises (2025) - AI-powered, gamified platforms with multi-vector realism, SOC integrations, and risk dashboards.

The art and chaos of starting a new leadership position

Fantasy football can teach us how to learn stop worrying and love the art and chaos of starting a new leadership position.

Why the Wall Street Journal got it wrong: Phishing simulations work when done right

Recent research published in the wall street was correct: bad phishing simulations produce bad results. So what now?

CISO Fantasy Phish Bowl 2025: Week 1. Game on!

The CISO Fantasy Phish Bowl 2025 brings together some old friends and new joiners. There's one heavy absence: Shawn Bowen, to whom this year's Phish Bowl is dedicated. Here's to you, Shawn!

Phishing Simulation Best Practices: 2025 Playbook

Phishing simulation best practices with real case results from Bird & Bird - ethical lures, instant feedback, and KPIs that drive reporting.

Best Phishing Simulation Tools for Enterprises (2025 Edition)

Best phishing simulation tools for enterprises (2025) - AI-powered, gamified platforms with multi-vector realism, SOC integrations, and risk dashboards.

10 Cybersecurity Awareness Month Ideas (2025): Activities & Tips

Cybersecurity Awareness Month ideas that work: run a focused 10-day campaign, launch phishing simulations, boost MFA adoption, and use our 2025 toolkit.

The difference between a security awareness manager and a human risk manager

The Human Risk Manager controls the process of identifying, evaluating, and mitigating the cybersecurity risks associated with people.

NIS 2 Checklist CxO and Board of Directors

This NIS 2 Checklist gives the compliance basics for the CxO and Board of Directors to satisfy this European cybersecurity regulation.

Top 10 costs of phishing

The top 10 costs of phishing are direct, indirect, and far reaching.

Why building a strong security culture is vital for reducing human risk – Hoxhunt

Noora Ahmed-Moshe's presentation to an exclusive group of CIOs at Kocho View in London explains why building a security culture is vital to reducing human risk.

Infographic: Make-or-Break Phishing Metrics

How to measure and drive behavior change that shields your organization from cyber-attacks.

Biggest hidden risk in cybersec: missed phishing simulations

In the world of cybersecurity, the unknown represents your biggest risk. A miss today is a phish tomorrow.

Are phishing tests enough to measure resilience? - Hoxhunt

Infrequent phishing tests are still popular for measuring an organization's resiliency. Are they good enough or do you need to step up your training game?

One Click Away From Disaster: Why Cybersec Behavior Matters

Without practice, people won’t know what to do with a dangerous email. Through continuous training, you can reinforce the right behavior in cybersecurity.

A Guide to Cybersecurity Awareness Training for Your Employees

Today, cybersecurity awareness training for your employees should be just as important as defense technology. Learn how to train your employees better.

What is A Spear-Phishing Attack and How Do You Recognize It?

Learn what spear-phishing is, how it works, and how it's different from regular phishing. Recognizing spear-phishing attacks enables prevention!

Hit and run phishing attack

The hit and run phishing attack plays on a specific anxiety. Read about this new widespread phishing attack and learn tips to stay off the hook!

5 Ways to Prevent Business Email Compromise Attacks

Attackers target CEOs in BEC attack, the most lucrative phishing attack of all; learn 5 ways to prevent Business Email Compromise attacks.

Why Business Email Compromise Attack Is The King Of Cybercrime

Phishing and BEC attacks are still the kingpins of cybercrime despite the headline grabbing ransomware attacks of 2021. Learn how to prevent them.

A phish named malware: Email verification scam

Email verification malware phishing lets bad actors blast out malicious links en masse using tools that get more phish past email filters

Secure message phish: Login to get scammed

The rise in secure messaging services' popularity has come with a rise in secure messaging phishing email scams. 6 tips to stay off the hook!

Report: SaaS permissions leave huge amounts of data exposed

Your SaaS suite is leaving your backdoor open. Here's how to fix it.

Log4J Log4Shell vulnerability explained

Log4J Log4Shell vulnerability explained to help you understand what it is and how to stay protected

Default Guest settings Azure AD

A security vulnerability was recently reported in the default guest permissions of Microsoft Azure Active Directory. Here’s how to fix it and stay safe from attackers.

External email warning banner phish

This phishing email was sent from outside the organization but is replacing the Caution! External Sender banner with a safe sender banner.

Update regarding the Apple iOS Mail App Vulnerability

Apple just recently confirmed the most significant vulnerability in iOS history after ZecOps made a public announcement about their discovery of a security flaw.

iOS Mail App Security Flaw

According to security researchers, the iOS mail app, which is the email client that can be found on most Apple iPhones and iPads, has a severe security flaw making it vulnerable to attacks.

8 Social Engineering Defense Strategies (with Dr. Jessica Barker)

Stop deepfake, smishing & vishing scams with 8 proven tactics: Feel→Slow→Verify→Act, no approvals in live calls, out-of-band callbacks, and a reporting culture.

Is Your Social Engineering Training Actually Working?

Your ultimate guide to the process behind social engineering training and all of the tips and know-how you need to ensure your training successfully changes behavior.

Vishing Attacks Surge 442%: Here's How We're Simulating Them

Vishing attacks are spiking, and they’re powered by AI voice clones and social engineering. Here's how to prevent vishing with real-world tactics and simulation-based training.

Advertisers Beware—How Scammers Are Getting Into Your Ad Accounts

From Spear-Phishing, to Credential Harvesting, To Possible Ad Fraud. Keep Reading To Find Out How This Story Unfolded and How You Can Avoid Getting Caught.

Social engineers are targeting social media accounts

We're seeing an uptick in social engineers targeting social media accounts

The good, the bad, and the ugly about browser fingerprinting

Now that cookies are on their way out, a much sneakier way of identifying you is on its way in.