Look, it's good for employers to have things like brief, basic IT security primers - but when you don't understand users and/or think this stuff is intuitive, you may not be helping
Like, sure, tell people they can make a strong password by taking the first letters of a phrase they can remember, but if you then proceed to tell them to also include numbers, special characters & caps, help them remember that, too; it can be hard to remember where in a 12-14 char. string you put that stuff.
- and if you tell people to call the sender if they get a suspicious email, emphasize to NOT use contact info from the suspicious email; most people will just use the phone # in the signature if not told not to.
As for emails from suspicious domains, or links with suspicious URLs: from long experience I can tell you that these things are alien to most people, so if you aren't specific, they have no idea what "suspicious" means in that context.
- and if you correctly point out how phishing etc. often plays on urgency to lower your defenses, remember to then also remind people that almost nothing is ever that urgent.
Above all, always remember that almost everybody is on a sliding scale of "out of their element" when using a computer. The most important ITSEC measure is helping people move that slider in the comfortable direction & the best way of doing that is helping people realize they're the masters of their machines & not the other way around.