TH6
Newcomer I

Personal Security Awareness

Hello Community. Looking to spend 15 minutes providing "Personal CyberSecurity Awareness" training to fellow co-workers. Was wondering if anyone had any useful resources to share on that topic.

Thank you.

8 Replies
rslade
Influencer II

> TH6 (Viewer) posted a new topic in Privacy on 03-19-2021 04:45 PM in the (ISC)²

> Hello Community.  Looking to spend 15 minutes providing "Personal CyberSecurity
> Awareness" training to fellow co-workers.  Was wondering if anyone had any
> useful resources to share on that topic.   Thank you.

Make a backup.

======================
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
"If you do buy a computer, don't turn it on." - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
"Dictionary of Information Security" Syngress 1-59749-115-2
"Cybersecurity Lessons from CoVID-19" CRC Press 978-0-367-68269-9
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
PC Security: [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
http://en.wikipedia.org/wiki/Robert_Slade
https://is.gd/RotlWB http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
denbesten
Community Champion

Krebs' 3 rules have stood the test of time.

tmekelburg1
Community Champion

I like these and sometimes put them up around the office: SANS Security Awareness 

TH6
Newcomer I

Thank you very much!
CISOScott
Community Champion

Don't take those stupid quizzes!

Seriously, my wife has several friends on social media (we share social media accounts as it confuses the algorithm [not really, the matrix can figure out which phone or computer we are using most of the time]) and they love to post the results of these supposedly "fun" "quizzes" or "games" which give away security questions. Here is an example:

"Your actor/actress name is your middle name and the street you grew up on." Mine is Oscar Hollywood. (Not mine, by the way.)

Or

Your street name is, pick from a list. They then give a list of months with names next to them, like January=Doggy, a list with 31 numbers on it, supposedly for your birthday, so 1=Mixtape, and the last thing you ate, i.e. Nachos, so you end up with something like Doggy Mixtape Nachos. Sometimes they try to make it less obvious by using things such as your Chinese New Year animal or your birthstone. Also throw in your Zodiac sign too.

It also should be a crime to post anything with this statement in it: "97% of people will ignore this, and only 3% of people have the courage to post this. I know who the strong ones are." Stop trying to guilt people into oversharing things.

A lot of your information is already out there, but don't make it insanely easy for people to gather it. Especially information that wouldn't normally come up in conversation, like what street you grew up on or your middle name.

CISOScott
Community Champion

When I was doing new employee orientation I used to have a "crash cart" that I would wheel in to the back of the room with a laptop and some Wi-Fi sniffers on it. I would gather the names of the SSIDs the new employees' phones were beaconing for. When I started my presentation I would ask "Whose phone normally connects to " and shout out some of the more personal SSIDs of people's home routers. People were shocked that I could pick up that information from the classroom.

Other times I would ask, "How expensive does a hacker's setup have to be?" Then proceed to show them how I could do a lot of information gathering for under $150.

When doing presentations, keep it interesting. Do not drone on and on about the dangers of "hackers". Give them some real-life examples of information sharing gone bad.

I would also offer up the opportunity to come up to the Cyber Security Office anytime they wanted and speak to any of my techs or me if they wanted to ask anything about cyber security. You want to be approachable. You also will want to know what they want to ask you. Ask them what questions they want to ask you. Use real-life examples if you can.

During this new employee orientation, we also told them that, even after being warned not to plug their phones into the work computers, someone from the class would be in my office before the month was out asking for their computer NIC, their network switch port, and their account to be unlocked because they had violated company policy and hooked up their phone to their company computer. Yes, we had protocols that if your computer violated protocol we would block your MAC, lock down the port you were using on the switch and lock your user account. All of which could only be undone by coming up to the cyber office, sitting through a refresher course on infosec, and then having your account reset.

It never failed. We routinely had someone from every class in there. I would always gather their excuses to try and use in future classes and also to try to understand why. Most of the time it came down to "I forgot" or "Well, I was just going to charge it! I wasn't doing anything with it," but sometimes you got "Well, my son came in to work to see me and hooked up his phone to charge it."
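
The "crash cart" trick above works because a phone that is not associated to any network sends 802.11 probe requests naming the SSIDs it remembers, and anyone with a monitor-mode adapter in range can read them. The following is an added example for this thread, not code from CISOScott or any tool he used: it builds a few probe-request frames inline (constructed sample traffic, no radio or capture involved) and parses them the way a sniffer on the cart would, grouping the named SSIDs by source MAC. The frame-building and parsing functions and their names are my own; to run it against real traffic you would feed it frames from a monitor-mode capture, which you must be authorized to take. One caveat that has changed since the orientation days described above: current phones randomize the source MAC for probes and mostly send wildcard (empty-SSID) probes, so the inventory is sparser than it used to be, and the locally-administered bit check below is how you spot the randomized addresses.

```python
"""Passive probe-request inventory: which SSIDs are nearby phones asking for?

Added example for this forum thread, not code from the original post.
All frames are constructed inline (no capture, no radio).
"""
import struct
from collections import defaultdict

BROADCAST = b"\xff" * 6


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def is_randomized_mac(raw: bytes) -> bool:
    # The locally-administered bit (bit 1 of the first octet) is set on the
    # per-probe random MACs that current phones use, so one device can show
    # up under many addresses in the inventory.
    return bool(raw[0] & 0x02)


def build_probe_request(src_mac: bytes, ssid: str, seq: int = 0) -> bytes:
    """Minimal 802.11 probe request: 24-byte management header + two IEs."""
    fc = b"\x40\x00"                      # type 0 (management), subtype 4 (probe request)
    duration = b"\x00\x00"
    seq_ctrl = struct.pack("<H", (seq & 0xFFF) << 4)
    header = fc + duration + BROADCAST + src_mac + BROADCAST + seq_ctrl
    ssid_bytes = ssid.encode("utf-8")
    ies = bytes([0, len(ssid_bytes)]) + ssid_bytes          # IE 0: SSID
    ies += bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])            # IE 1: supported rates
    return header + ies


def parse_probe_request(frame: bytes):
    """Return (src_mac, ssid) for a probe request, None for any other frame."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != 0 or (fc0 >> 4) & 0xF != 4:
        return None                       # not a management/probe-request frame
    src = frame[10:16]                    # address 2 = transmitter (the phone)
    pos = 24
    while pos + 2 <= len(frame):          # walk the tagged information elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:
            return None                   # truncated IE: do not trust a partial SSID
        if eid == 0:
            return mac_str(src), body.decode("utf-8", errors="replace")
        pos += 2 + elen
    return None


def collect_probed_ssids(frames):
    """Map each source MAC to the set of named SSIDs it probed for.

    Wildcard probes (empty SSID) are dropped: they name no network.
    """
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed is None:
            continue
        mac, ssid = parsed
        if ssid:
            seen[mac].add(ssid)
    return dict(seen)


# Constructed sample traffic: two phones (one on a randomized MAC), a wildcard
# probe, and a beacon-subtype frame that the parser must ignore.
PHONE_A = bytes.fromhex("a4c3f0112233")
PHONE_B = bytes.fromhex("da1122334455")   # 0xda has the locally-administered bit set
SAMPLE_FRAMES = [
    build_probe_request(PHONE_A, "SmithFamilyWiFi", 1),
    build_probe_request(PHONE_A, "Starbucks", 2),
    build_probe_request(PHONE_B, "Apt4B-Guest", 1),
    build_probe_request(PHONE_B, "", 2),                          # wildcard probe
    b"\x80\x00" + build_probe_request(PHONE_A, "NotAProbe")[2:],  # subtype 8 = beacon
]

if __name__ == "__main__":
    for mac, ssids in sorted(collect_probed_ssids(SAMPLE_FRAMES).items()):
        raw = bytes.fromhex(mac.replace(":", ""))
        tag = " (randomized MAC)" if is_randomized_mac(raw) else ""
        print(f"{mac}{tag}: {', '.join(sorted(ssids))}")
```

For the classroom demo the interesting output is the named SSIDs, since a home router name often embeds a surname, street or flat number, which is exactly the kind of "security question" material the quiz post above warns about. The parser deliberately rejects frames with a truncated SSID element rather than printing whatever bytes are present, because a sniffer that displays attacker-controlled SSID bytes unfiltered on a projector is its own awareness lesson.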

TH6
Newcomer I

Thank you for the information and ideas, CISOScott!

rslade
Influencer II

> CISOScott (Community Champion) posted a new reply in Privacy on 03-22-2021 04:44

> " 97% of people will ignore this, and only 3% of people have the
> courage to post this. I know who the strong ones are." Stop trying to guilt
> people into oversharing things.

Please retweet this posting to prevent Canadian overphishing of American
silverfish stocks.
