Platform

Unify HRM Overview

Platform

Capabilities

Identify: HROC Dashboard
Human Risk Quantification (HRI)

Insights

Benchmarking

Protect: Action Plans
Nudges: Communications & Employee Scorecards

Training: Risk Based SAT and Phishing

Orchestration: Policy Playbooks

Report
Report
Measure progress and ROI of action plans

Board and Executive Reporting

Manager Reporting

Bundles

Unify Go
Start your journey to HRM here.

Monitor risk by:

Security Training Compliance

Phishing and Email

Unify Enterprise
Covers risk in Unify Go and adds:

Malware & Ransomware

Data Loss

Account Takeover

Featured Resources

Living Security Blog
What is Attack Surface Management?
link

Living Security Blog
Why Your Team Should Have A Business Continuity Plan
link
Solutions

Solutions Overview

Solutions

By Role

CISO
Provides CISO’s, executives, and boards a complete picture and prioritization of workforce risk by type, department, location, and more.
link

Security Awareness Team
Go beyond training completion and phishing click rates and proactively safeguard your organization from human-induced security incidents.
link

GRC
Identify, resolve and track commonly violated policies with granular accuracy to lower risk and improve workforce compliance.
link

SOC/IR
Unleash the true potential of your human firewall with data-driven insights and action plans that curb threats before they become incidents.
link

By Risk

Training Compliance
Monitor training compliance status for users and segments across the enterprise.
link

Phishing & Email
Identify the users most and least at risk to social engineering attacks and protect them.
link

Malware & Ransomware
Proactively protect users from malware including viruses, worms, Trojan viruses, spyware, adware, and ransomware.
link

Data Loss
Pinpoint when data is at risk of leaving your controlled environment through unauthorized access or malicious intent.
link

Identity Threats
Get visibility into the most susceptible users for account compromise and mitigate their risk.
link
Products

Products

Products Overview
Transform how your organization approaches Security Awareness and Training by shifting to a proactive HRM approach that creates a strong culture of security.

Living Security Blog
What is Attack Surface Management?
link

Unify Human Risk Management
Establish a proactive security loop.
Security Awareness Training
Interactive compliance training for modern threats.
CyberEscape Rooms
Put your team in the center of security scenarios
Cybersecurity Awareness Month
Create a cyber vigilant workforce in October
Cybersecurity Engagement Training Go beyond compliance training Phishing
Stop social engineering attacks in their tracks with realistic simulations and training
across phishing, vishing, smishing, and more.
HRM

HRM

Human Risk Management: Proactive Security
Human Risk Management (HRM) is the process of identifying, assessing, and mitigating risks associated with human behavior in relation to an employee's use of technology.
HRM Maturity Model
How far is your company along the path to true proactive security?

Living Security Blog
What is Attack Surface Management?
link
Resources

Resources

Resources
Level up on Human Risk Management with a comprehensive collection of webcasts, whitepapers, ebooks, and more.
Blog
Access hundreds of informative blogs with deep dives and best practices relating to the full array of cybersecurity risks we face.
Webinars
Watch dozens of webinars tackling some of cybersecurity’s biggest challenges featuring thought leaders from leading organizations.
Case Studies
See how a variety of organizations utilize Living Security’s HRM Platform, Training, and Phishing to reduce risk with proactive defense.

Partners
Human Risk Management Powered by Partners.
Technology Alliance Program
Extend the value of your offering with HRM.
Partner Support
Unlock your potential with our partner hub.

Living Security Community Share HRM best practices Newsroom Read the latest news on Living Security. Support
The more you know, the more you grow.
Why Living Security
Establish a proactive security loop.
Start Now

January 30, 2018

Strava: A Curious Case for Security Awareness

Strava a case for security awareness

Strava: A Curious Case for Security Awareness

The Strava Fitness app is marketed as a tool that “connects the world’s athletes.” Meaning, it’s an application for most phones and GPS-enabled watches that hosts fitness clubs and triathletes, gym rats and track stars, sweat-junkies and granola types – all in one platform. The power of Strava is in its ability to collect enough information to fulfill any New Years Resolution. The downside is that it also manages to publicize location, contact information and fitness activities on a heat-map, amounting to some “three trillion GPS data points” worldwide.

One researcher recently discovered, for example, that members of the armed forces were unintentionally mapping global military infrastructure as they jogged or biked with Strava. This is a classic case of data privacy loss: sensitive information disclosed to unauthorized parties inadvertently. Strava did not intend for these data points to uncover sensitive military outposts, of course. But consent is a fickle friend. Once the risk was ‘franchised’ to Strava, the unintentional disclosure was outside of military control.

From a user perspective, this brings many different forces to bear: users feel like they have limited control of their privacy, passive control of their consent and little reason to change. Privacy settings in most applications typically default public, risk declarations are in fine print and data just feeds the beast, right?

If users are made aware of the implications of their data-made-public, they are far more likely to take advantage of the control they do have over their privacy and exert it in a way that matters. Practically, this looks like changing default settings to private, opting out of inappropriate data gathering and employing the ultimate failsafe (if privacy disrespected): app removal. In the workplace, this means waging culture change by way of powerful awareness activities that communicate to employees in language and methods they can intuitively understand.

This Strava scenario could live and die as a classic case of data privacy loss. Or it could teach us something… that even curious cases like a map of the global military-fitness complex is a reason to reclaim privacy now.

Living Security is a company committed to throwing out the security soapbox and taking a fresh approach to security awareness.

About Living Security

Our Mission

At Living Security, we reduce the #1 cybersecurity risk for enterprises, human error, through engaging and impactful security awareness training that is brought to life by innovative tech enabled experiences.

Living Security co-founders, Ashley and Drew Rose, recognized that traditional security awareness programs were failing to move the needle and it was time for a fresh approach. Our immersive training experiences engage the enterprise using science backed techniques to motivate behavior change and refreshed content that’s relevant for the current threat landscape.

Immersive Cyber Escape Room

Our innovative Cybersecurity Escape Room experience builds security awareness concepts into an engaging team experience people actually enjoy. Watch the video here.

Customized Cybersecurity Training At Scale

Online security awareness training platform leverages game based learning and a custom curriculum to make cybersecurity awareness training fun and effective.

Hosted Platform or SCORM Delivery

Our gamified training platform allows program owners to assign users training and track through completion and beyond. Our interactive video series are broken in to episodes that cover critical security awareness concepts through story based learning and interactive puzzles. Customize your program through the addition of role and concept specific micro-modules and incentivize completion through leaderboard challenges and rewards and recognition. Series and modules are also available in your SCORM packages for delivery on your LMS.