Time for You to Teach Security to End Users
You all had some awesome suggestions to make this security class a success! Below, you will find the PowerPoint that you can use to host your own user security class. Each slide has some additional notes at the bottom.
A few thoughts to help you out:
- 40-minute sessions work really well for my staff. That is long enough to go into detail on the big issues but short enough that we don’t bog down in technical details or cover too much too fast.
- Talking about security without a computer is like learning to drive from a book. Get everyone in front of a computer for your class. These notes have several mini-labs built into them.
- Your audience may be hostile. Most of my staff are teachers – who have to give up a planning period to attend a security meeting. Use any cheap trick that you can to sweeten them up. Food, dry humor, promises that you don’t intend to keep.
- Keep it fun and practical. Ad blockers can stop drive-by malware, but your staff will be more excited that they can stop auto-playing video ads.
Planning your own class? Any other suggestions on what to teach or the best way to teach it? Let me know in the comments below.
Six weeks from now, I will be teaching a series of security classes to 800 end users. I want to know what you think every staff member should know about security.
Users are often the weakest link in our environment. Your staff and mine could benefit from additional training. After this class wraps up, I will be posting all of the materials so that you can teach your own class quickly! This will include the presentation, speaking notes, attempted jokes, and any labs that we do. The class format will be mostly instructor-led and lab-based (every attendee will have a computer). Total time per class is about an hour max.
Right now, we will be covering:
- Why security actually matters
- Security in depth
- Examples of major breaches caused by one compromised account
- Creating strong, memorable passwords – the XKCD method
- Keeping passwords secure / using unique passwords
- Using password managers
- Public vs Private computers/networks
- Locking vs signing out
- Why you didn’t win one million dollars from an email – AKA Phishing and Spam
- Why IT will never tell you to enter your password on a Google form – AKA Phishing websites
- Using ad blockers
- Why you are not an administrator (and neither am I)
- Updates really do matter
- How to not install a virus
- Detailed graph showing virus/download button correlation
What am I missing? What do you wish your staff knew? Should topics like MFA or encryption be covered? This class is still very much in flux (materials will probably start sounding more professional). Although it can be a bit technical, it should stay fun and memorable.
This page will be updated with your ideas and as the materials come together.