Security Awareness Tips

Security awareness tips, industry news, and product updates.

Employee entering text into an AI chatbot on a laptop at work
Security Awareness TipsCompliance & Regulations

Shadow AI: When Employees Leak Company Data to Chatbots

98% of organizations report unsanctioned AI use, and most have no policy to manage it. Shadow AI has become a top insider data-loss risk — and it's a security awareness problem.

Natalie Hoffmann·6/17/2026·4 min read
An interactive security training lesson
Security Awareness TipsProduct Updates

Interactive Training Page Types in empowsec: Part 1

empowsec training is built from interactive page types - not static slides. Part 1 introduces seven of them, from simple info pages and accordions to graded quizzes, scenarios, and drag-to-match exercises.

Sarah Mitchell·6/17/2026·8 min read
Cross-functional team gathered around a conference table running an incident response exercise
Security Awareness TipsCompliance & Regulations

Tabletop Exercises: Rehearsing Your Incident Response

A real breach is the worst time to discover that no one knows who decides whether to pay a ransom. Tabletop exercises expose those gaps in a conference room instead of a crisis.

Marcus Chen·6/15/2026·7 min read
An employee reading a phishing debrief
Security Awareness TipsProduct Updates

Phishing Debriefs: Turn Simulations Into Teachable Moments

A phishing simulation without a debrief is a test with no feedback. empowsec debriefs close that loop by explaining exactly what participants should have spotted - in their own language, at the right time.

Sarah Mitchell·6/15/2026·8 min read
CISO presenting security program metrics to leadership in a boardroom
Security Awareness Tips

Security Awareness Metrics Beyond the Click Rate Alone

Click rate is the metric every program reports and the one that misleads most. Report rate, time-to-report, repeat-clicker reduction and the resilience ratio tell the real story. Here is how to measure and present it.

Lisa Brennan·6/14/2026·7 min read
Security team reviewing a human risk analytics dashboard in an office
Security Awareness Tips

Human Risk Management: Beyond Awareness Training Alone

Annual click-through training checks a compliance box but rarely changes behavior. Human Risk Management replaces it with continuous, data-driven, personalized risk reduction. Here is what that shift looks like in practice.

James Thornton·6/13/2026·7 min read
Employee reporting a suspicious email with one click at their office desk
Security Awareness Tips

The Report Button: Your Highest-ROI Security Habit

One click on a report button can turn every employee into a sensor and shrink an attacker's dwell time to minutes. Here is how to build the process and the blameless culture that make reporting reflexive.

Thomas Eriksson·6/12/2026·7 min read
New employee being welcomed and onboarded on their first day in the office
Security Awareness Tips

Security Onboarding: Protect New Hires From Day One

New hires are eager to please, unfamiliar with the norms, and disproportionately targeted by BEC and impersonation scams. Their first 90 days are the riskiest. Here is how to build security into onboarding from day one.

Elena Vasquez·6/11/2026·7 min read
Person signing in to a laptop with a fingerprint instead of a password
Security Awareness Tips

Passkeys: The Phishing-Resistant MFA Worth Adopting

Passwords and even push-based MFA keep falling to phishing. Passkeys close the door structurally because there is no shared secret to steal. Here is why they work and how to roll them out.

Natalie Hoffmann·6/10/2026·7 min read
Employee entering a login code on a laptop at an office desk
Phishing & Social EngineeringSecurity Awareness TipsThreat Intelligence

Kali365 Phishing Service Targets Microsoft 365 Accounts

The FBI is warning about Kali365, a phishing-as-a-service platform that hijacks Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass MFA. Here's how the attack works and how to defend your organization.

Marcus Chen·6/6/2026·9 min read
Security analyst reviewing a suspicious device login code on a laptop
Phishing & Social EngineeringSecurity Awareness TipsThreat Intelligence

Device Code Phishing Is Moving Into Criminal Toolkits

Device code phishing is spreading through criminal toolkits and phishing-as-a-service offerings. Here is how the Microsoft 365 attack works and what teams should do next.

Marcus Chen·5/15/2026·8 min read
Driver checking a suspicious toll payment text message on a mobile phone
Phishing & Social EngineeringSecurity Awareness TipsThreat Intelligence

Road Toll Smishing Scams: Lessons from Operation Road Trap

Bitdefender's Operation Road Trap research shows how toll, parking, and traffic-fine smishing has scaled across countries. Here is what employees and security teams should watch for.

Elena Vasquez·5/15/2026·7 min read