Keen to the importance of not simply clicking on any email I receive in my inbox, I recently received a message with a subject line I could not resist: "Kevin Mitnick Security Awareness Training." For those unfamiliar with Kevin Mitnick, he is a world-famous hacker and engineer, now turned author and security advocate. My curiosity was piqued.
In this case, the email was no social engineering scam. The training is legit, and the concept is simple: When it comes to protecting your organization from security breaches, your
users are your weakest link. We've known this for years. No matter what technology you put in place to protect your environment, your users need to know the basics:
never give out their password, never pick up a USB keychain in the parking lot and plug it into on your network, never open the email that says it is from their bank or, worse, a bank they never recall using.
