Some sage advice from the NSA was released today: Best practices for securing your home network:
Some pretty good tips from the NSA. One piece I wish the NSA would add is "reduce your footprint." Every home device is a potential vector of attack as is every app added to a phone. These are conversations I have in my house every day; I understand how difficult it can be to get people to think before they download. Keep it simple, keep it safe.
Someone from SANS was complaining that the document was too technical. I suppose that's not a surprise, coming from an agency who thinks they winnowed the Special Publications into a "Top 20".
@ericgeater I tend to agree with SANS. If one reads this as a "techie" or "Security person", it is very straightforward.
However, if one puts on their, "I am just a joe user hat", a number of the topics become too technical. If NSA used this as a basis to train folk, it would be ideal but when I talk to Seniors (my new task in life), MANY do not understand WPA 3 or 2 and their eyes gloss over.
Great information for those putting together a security awareness program for home users.
... if one puts on their, "I am just a joe user hat", a number of the topics become too technical....
I agree. We really need to be treating home networks and smart phones like the consumer devices they are. Like any other consumer products, we really should be developing the products to the point where we have just two recommendations: Buy products with a good reputation and keep an eye on the "check engine/service soon" light.
"Best practices" documents, like this one, are best geared to the professionals and should be used by manufacturers to implement "secure by default".
Also, we really ought to be holding manufacturers responsible for providing "security/safety updates" for the advertised/expected life of their product, just like we do for vehicles and air fryers.
I often refer people to Krebs's 3 rules as a way of explaining this.
Excellent. I never saw those before. Especially in the context of trying to deliver "non-tech" or "low-tech" advice, I think this hits the mark. I think there remains a huge deficit in elementary and junior high education. As I say, by the time we professionals see these "kids" in the workplace, they have a good 8-12 years of tech habits. I know the Center for Cyber Safety and Education had its efforts, but there is a real need for a full curriculum. Maybe other folks have had better experience, but if we are serious about workplace and home security (and there's not much difference between those two these days), the message needs to get into the schools.
These are some great pieces of advice, but as mentioned by others previously, it can quickly become too technical.
I started to have great experience using ChatGPT to explain basic network concepts for my documentation to higher ups.
A perfect use case for this is to simply just ask "Explain XYZ to me as I am 10 years old".
Best way to get the executives onboard and have a better understanding before making decisions.