News

Security awareness tips, industry news, and product updates.

A hiring manager conducting a remote video interview on a laptop
Phishing & Social EngineeringThreat Intelligence

Deepfake Job Interviews: Hiring Is Now an Attack Surface

North Korean operatives are using deepfakes and synthetic identities to get hired at Western firms. Unit 42 built a convincing fake candidate in about 70 minutes. Here is how to vet remote hires.

Natalie Hoffmann·7/10/2026·6 min read
Employee completing a short security training module on a laptop at their desk
Security Awareness Tips

Continuous Adaptive Training vs. Annual Checkbox Courses

Annual compliance training looks tidy on a spreadsheet, but the forgetting curve erases most of it within weeks. Here is why continuous, adaptive security awareness training drives durable behavior change.

Daniel Okafor·7/9/2026·7 min read
Importing employees from a CSV file
Security Awareness TipsProduct Updates

User Management, CSV Import, and Employee Onboarding

empowsec makes it easy to add employees one at a time or in bulk via CSV, organize them into departments and groups, assign granular roles, and ensure every new user receives a smooth onboarding experience with welcome emails and registration reminders.

David Kowalski·7/9/2026·8 min read
Business owner reviewing a cyber insurance application with security control documentation
Compliance & RegulationsFor MSPs & Partners

Cyber Insurance 2026: MFA and Training Requirements

In 2026, no MFA can mean no coverage, and underwriters now want documented awareness training and phishing simulations too. Here is what insurers look for and how to evidence it.

James Thornton·7/8/2026·7 min read
Financial services professionals reviewing digital operational resilience requirements in a meeting
Compliance & Regulations

DORA: Security Awareness and Training Requirements

DORA is best known for ICT risk and incident reporting, but it also makes security awareness training a compulsory module for staff and management. Here is what financial entities must do, and how to evidence it.

Sarah Mitchell·7/8/2026·6 min read
Employee logging into an account using a password manager on a laptop
Security Awareness Tips

Password Managers and Credential Hygiene at the Office

Reused passwords plus breached credentials are the fuel behind account takeover. Here is how to roll out password managers and build credential hygiene that actually holds across your organization.

Rachel Andersen·7/7/2026·7 min read
Department-level training analytics
Compliance & RegulationsProduct Updates

Department Training Management and Compliance Digests

empowsec lets you organize employees into departments, give managers scoped visibility into their team's training and phishing results, and deliver weekly compliance digests so nothing slips through the cracks.

Natalie Hoffmann·7/7/2026·7 min read
Compliance officer reviewing ISO 27001 awareness program documentation during an audit
Compliance & Regulations

ISO 27001 Security Awareness Requirements Explained

ISO/IEC 27001:2022 expects more than a once-a-year slideshow. Here is what the standard actually requires for security awareness, and how to prove it to your auditor.

Natalie Hoffmann·7/6/2026·7 min read
Managed service provider technician monitoring client systems from a network operations centre
Threat IntelligenceFor MSPs & Partners

Why MSPs Are Prime Ransomware Supply-Chain Targets

Compromise one MSP and you can reach every client behind it. Here is why managed service providers are prime ransomware targets, and how to harden against it.

Thomas Eriksson·7/5/2026·7 min read
Reviewing employee-reported emails
Threat IntelligenceProduct Updates

Reported Email Review: Turning Employees Into Sensors

When employees report suspicious emails through the empowsec Outlook or Gmail add-in, those reports land in an admin review queue where security teams can classify each one and build real threat intelligence from what is actually reaching inboxes.

Marcus Chen·7/5/2026·8 min read
Employee processing a card payment at a point-of-sale terminal in a retail environment
Compliance & Regulations

PCI DSS 4.0 Security Awareness Training Requirements

PCI DSS v4.0 raised the bar for security awareness, naming phishing and social engineering explicitly. Here is what the standard now requires if you handle card data.

Lisa Brennan·7/4/2026·7 min read
Security and governance team reviewing AI policy implications around a conference table
Compliance & Regulations

EU AI Act: What Security and Awareness Teams Must Know

The EU AI Act is no longer theoretical. From the AI-literacy duty to deepfake transparency rules, here is what security and awareness teams need to act on now.

Daniel Okafor·7/3/2026·8 min read
« Previous1234567Next »