Welcome to 2019 Cyber Security Awareness Month.

Q2 is an NCSA Cyber Security Champion. As Q2’s Chief Security Officer, this is my third year participating, and I’m ready to share my insights each week over the next month.

This week I will discuss how Q2 protects your brand with our multi-layered security approach by training and educating our employees to detect fraudulent social media campaigns.

About six years ago I moved to a new neighborhood in Lincoln, NE that has seven ponds. I was not a fisherman, so I had to invest in fishing poles, a tackle box, tackle supplies, and many other fishing tools.

I was a rookie at fishing at the time and did not invest wisely. I later learned that each pond has a different species of fish, so it requires a different fishing lure or bait. Fast forward six years and I now have 12 fishing poles, two tackle boxes full of different lures, and three nets. I also became a vermiculturist (worm farmer). Look it up on YouTube.


When I first started at Q2, I inherited a training and phishing management system from my predecessor. I was new to the organization, so I decided to continue using these systems. Three years later, Q2 has acquired four different companies, become a global company, and grown to over 1,300 employees.

It was time to invest in new tools. I did my research and talked to a lot of industry experts and decided to invest in KnowBe4, the world’s largest security awareness training and simulated phishing platform. They have proven to be a good partner as the scores for our overall security and prevention of phishing campaigns have improved.

Training employees is another level of security Q2 invests in to ensure we are protecting client data. Just like fishing at my ponds in Lincoln is a continuous learning process and requires investments in new tools, phishing attacks are constantly changing and require Q2 to take the same approach on employee training. We will continue to test our employees and invest in new tools.

Before you click, remember "Stop. Look. Think."

Fortunately, you don’t have to become an expert angler to stay safe. Before you click, remember "Stop. Look. Think." Ask yourself:

  • Is there a sense of urgency?
  • Is this unexpected or unusual?
  • Am I being asked to take a specific action?
  • Is this email from an unknown sender?

If you answered 'yes' to any of these questions, consider either deleting the message or following your organization's procedures for reporting suspected phishing messages.

This is my second blog for Cyber Security Awareness Month on how Q2 protects your brand with our multi-layered security approach and includes training our employees with a security-first approach.

Thank you for participating and Happy Cyber Security Month.


Written by Q2