Security Awareness Month - Resources For Everyone

Author Elaine Harrison-Neukirch

In October of 2004, the National Security Alliance and the Department of Homeland Security launched National Cybersecurity Awareness Month. The goal of this project is to educate the public about protecting themselves from cyber threats, scams and malicious actors. Over the years, many organizations have participated by creating free resources and social media posts.

What is Security Awareness?

Security awareness means having the knowledge to protect yours and/ or your organization's assets. Some assets include:

• Personal information

• Financial data

• Patient information

• Computer systems

• Mobile and internet connected devices

The Cybersecurity Awareness Month campaigns & free resources target different groups:

• Organizations and their employees

• Parents & Students

• General public

Many larger organizations have some type of security awareness program in place. However, small businesses, parents, students and the general public may not know how to find security awareness education resources. Increased security awareness empowers these groups to protect themselves from many cyber threats including:

• Fraud

• Social media scams

• Cyber bullies

• Identity theft

• Ransomware

• Stalkerware

• Data Theft

• Insider Threats

• Phishing

NIST has published a page that lists free and low-cost security awareness training resources. There are several sections which appeal to all of the audiences previously mentioned.

Organizations and Employees

1. Creating a security awareness program can be a daunting task. SANS offers resources to make this less painful. The SANS Security Awareness Planning Kit contains guides, templates, matrixes and checklists. I have used this resource when I struggled with how to begin creating a program.

2. CISA (Cybersecurity & Infrastructure Security Agency) offers Cybersecurity Awareness Month Resources. This page contains themed weekly plans for security awareness emails, social media posts and tip sheets. There is also a presentation available to be shown to employees.

3. During the virtual conference GRIMMCon 0x5, Nicole Hoffman gave an original and captivating talk about Business Email Compromise. Jinkies this Email looks Suspicious, at GRIMMCon's 0x5 virtual conference. This is publicly available on YouTube.

Parents & Students

1. PopCykol (Protecting Our Precious Curious Kids Online) is a new company, founded by Teressa Gehrke. Teressa is creating content that teaches Cyber Security to children in a fun and interactive way. Her videos are original and educational. This is a new endeavor so check back for more content. Better yet, subscribe to PopCykol emails for tips and notifications of new content.

2. CISA's Stop.Think.Connect Kids Presentation

3. Cyber Start America is a free interactive cyber security training site for high school students. Training begins October 27th, be sure to register prior to that date.

4. SANS Securing Your Home and Family offers educational videos in multiple languages.

   1. SANS Protecting Your Kids Online

   2. SANS Creating a Cyber Secure Home

5. Protecting Your Kids Online was created by the Federal Trade Commission. The page covers topics such as talking to your kids about cyber bullying, sexting, computer security social media and virtual worlds (gaming). There is information and downloadable PDF guides to help parents along the way.

General Public

The resources listed below are just a few that are available. They are a good starting place for those who are not familiar with Cyber Security.

1. Cybersecurity Alliance Stay Safe Online

2. Stop. Think. Connect Toolkit

3. SANS Security Awareness Work -from-Home Deployment Kit

4. Cybersecurity Alliance Tip Sheets

5. Sans Ouch Newsletters

6. FTC – Privacy, Identity & Online Security

7. NIST-Free and Low Cost Online Cybersecurity Learning Content

Conferences

October is packed with free virtual cyber security conferences. These may appeal more to the cyber security professionals. However, even non professionals can learn something new at these conferences.

1. Security Metrics Summit 2021

2. Day of Shecurity

3. DFIR DIVA is a fantastic resource for free and low-cost training. October’s free conferences can be found here.

Continuing Education

Security awareness education should not be restricted to only October. It is our responsibility to continuously learn about security. The threats and dangers of the online world are constantly evolving. If we are to stay ahead of the game, education is a must. This applies to all audiences including cyber security professionals.

About the Author: Elaine Harrison-Neukirch has over 10 years of experience in cyber security working in the healthcare and financial services industries. She currently runs the customer support program at SCYTHE. Elaine advocates for Women in Cybersecurity; she is a member of both Women in Cybersecurity and Women’s Society of Cyberjutsu.

@rubysgeekymom