Sharing and reusing passwords is one of the easiest ways hackers can gain access to your online accounts. A recent data breach at a water treatment plant in Florida — where a hacker attempted to poison the water supply — was due to the fact the facility’s computers shared the same password for remote access.

Throughout my career in cyber security, I’ve heard some pretty wild stories about places people keep their passwords. So I asked the online community on LinkedIn and Spiceworks to share their wildest answers for the best place to store a password.

The response we received…


We hear about security culture a lot, and we know it’s important, but why is building a culture of security so essential for your organization?

In order to understand what security culture is, we need to grasp what the term culture actually means. Culture is the beliefs, rituals, stories, arts, and interactions among a group or society — basically how people interact with each other and what they expect in a group setting. You cannot have a culture without a group of at least two (2) people.

But what does culture really mean when it comes to security awareness training, and…


We’ve all been through fire drills in our lives, probably since our early days back in elementary school. Single file, walk, don’t run, then meet outside across the street or by the flagpole — it’s the same routine every time.

OSHA doesn’t require fire drills, but your local fire code enforcement, office building, or insurance carrier may mandate you to hold them periodically. Heck, our office space at the Atlanta Tech Village even gives us ice cream (pre-COVID) when we all went through the motions!

If you are required to conduct fire drills, shouldn’t you know why you are doing…


In .66 seconds, the term ‘data breach’ returns more than 144 million results on Google. As professionals in the industry, we hear about it every day, but I want to dig into what this really means for the world at large, together.

A data breach as defined by the Information Commissioner’s Office is ‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.’

There are two words we’re focusing on here, and they are destruction and loss. From there, we’ll get to the happy part… I promise!

Destruction from a data breach

Traced back to a Chinese intelligence group seeking to learn more about U.S. citizens, Marriott’s infamous breach was not uncovered until 2018, four long years after their network was first compromised. …


Back when I worked in the division of student affairs, I came across an unsettling report from our university’s police department. One of my students (let’s call them ‘Jamie’) became a victim of a long and convoluted scam where a hacker pretended to be from the IRS.

It involved phishing, vishing, Apple gift cards, Uber, a statehouse, a university police department, and… me. The total damage? Jamie was out $10,000 in the form of five untraceable $2,000 gift cards.

How did Jamie fall victim to this phishing gift card scam?

It all began with an email Jamie received with the following subject: “IRS URGENT: IMMEDIATE ACTION REQUIRED”

Jamie read “the Internal…


Our employees are typically the first set of real eyes for what’s coming in the door. IT teams are understaffed and overwhelmed by the continued risk of phishing attacks hitting each and every one of their employees. They need help to spot phishing emails as they arrive. To help, today Curricula launched a new service designed to gamify the phishing reporting experience for employees.

Now, Curricula customers can catch DeeDee, Curricula’s villain AI hacker, in the act by reporting one of her simulated phishing tests. Employees are then rewarded in the Curricula app and sent a positive note from DeeDee for…


5 years ago today on March 9, 2015, I remember waking up and having no idea what I was doing. I mean I had a broad vision of what we were building at Curricula, an education company that will change the way people learn about cyber security. Our initial focus was with utilities in North America to help protect our nation’s critical infrastructure. That idea soon turned into something much bigger than I expected. I started Curricula after a 7-year career at NERC, the agency responsible for securing our nation’s power grid in North America. As a cyber security advisor…


Are you in search of a security awareness training program to help educate your employees on cyber security best practices? There are lots of options and you may even be deciding on developing one yourself vs. choosing a vendor. Most organizations face a tough realization to move beyond trying to develop an entire security awareness program by themselves. This is because most organizations don’t have the expertise, design resources, educational knowledge, software, and/or infrastructure to develop an effective security awareness program on their own. …


All of these GDPR notices are overwhelming. Unless you have been living under a rock, you already know that May 25th, 2018 is the date that organizations must be in compliance under the new directive called General Data Protection Regulation. In short, GDPR is a compliance regulation designed to improve data protection and increase privacy for all individuals within the European Union. With all of the good intentions behind GDPR come some really bad situations for everyone, including the people it is intended to protect. …


Business Email Compromise attacks, otherwise known as BEC attacks, are when a hacker gains access to a corporate email account, then uses that account to trick employees, vendors, or partners into transferring funds out of the organization. These scams are a growing threat and businesses across the world must be aware of how to prevent BEC attacks. With a simple targeted email, hackers successfully scam thousands of organizations each year resulting in billions of dollars in losses, all while remaining under the radar. We are going to discuss some strategies your employees can use to prevent business email compromise attacks.

How Business Email Compromise Attacks Happen

Curricula

Curricula is a fun online training platform with a focus on simple cyber security awareness training.
