Six weeks from now, I will be teaching a series of security classes to 800 end users. I want to know what you think every staff member should know about security.
Users are often the weakest link in our environment. Your staff and mine could benefit from additional training. After this class wraps up, I will be posting all of the materials so that you can teach your own class quickly! This will include the presentation, speaking notes, attempted jokes, and any labs that we do. This class format will be mostly instructor-led/lab-based (every attendee will have a computer). Total time per class is about an hour max.
Right now, we will be covering:
- Why security actually matters
- Security in depth
- Examples of major breaches caused by one compromised account
- Creating strong, memorable passwords – the XKCD method
- Keeping passwords secure / using unique passwords
- Using password managers
- Public vs. private computers/networks
- Locking vs signing out
- Why you didn’t win one million dollars from an email – AKA Phishing and Spam
- Why IT will never tell you to enter your password on a Google form – AKA Phishing websites
- Using ad blockers
- Why you are not an administrator (and neither am I)
- Updates really do matter
- How to not install a virus
- Detailed graph showing virus/download button correlation
What am I missing? What do you wish your staff knew? Should topics like MFA or encryption be covered? This class is still very much in flux (materials will probably start sounding more professional). Although it can be a bit technical, it should stay fun and memorable.
This page will be updated with your ideas and as the materials come together.