Skip to content

Security is in your hands image

95%  of all successful cyberattacks start with human error according to the IBM Cybersecurity Intelligence Index. That would make it pretty important to periodically evaluate and increase your own awareness of Information Security hygiene and awareness. 

Information security is one of the fastest-changing fields in the world. New technologies emerge every day that change the way people attack and defend systems and networks. While professionals in information security are required to be in a constant state of learning to keep up with the field as a whole, those without day to day dealings tend to be the primary targets and the least informed. Being aware and informed enables everyone to protect themselves. Staying informed is simple, there are a wide range of awareness organizations and individuals dedicated to reaching outside of the information security community and enabling everyday users to secure themselves, their data, and thereby their organizations. 

 

Awareness Companies

Security awareness training should be a high priority for any organization. To facilitate effective awareness training, a number of companies focus on providing awareness training as a professional service, often using computer based training. Companies such as Habitu8, SANS, KnowBe4, and Security Ninja focus on providing awareness training packages to organizations who want to inform and educate their employees. These packages are frequently integrated into something called a learning management system (LMS). An LMS is something like Blackboard. Other free resources are also available and essential to reaching people both inside and outside the Information Security community. Free websites often feature webinars, talks, and videos. You can ask your organization or awareness training coordinator what resources are available to educate yourself. (At GW, you can email infosec@gwu.edu for more resources or to request training for your student organization or department.)

Free training resources
Reading and news: https://www.sans.org/security-resources/
Test your knowledge and learn: https://www.khanacademy.org/partner-content/nova/cybersecurity/cyber/e/cybersecurity-101-quiz

 

On the Web

While organized and mandatory awareness training can be effective, it isn’t the only way to reduce risk and stay up to date on cybersecurity. There are an abundance of websites, blogs, and other informational pages freely available to all. Cybersecurity is often in the news as well, it is worth noting that it comes up more and more often. 

One website run by Troy Hunt, Have I Been Pwned not only allows users to check if their email has been associated with a data breach, but also stay up to date on data breaches happening around the world. Hunt’s website provides information on hundreds of breaches that may impact you or your family and can often provide the early warning you need to change your passwords before your accounts are stolen. In addition to providing a breach checking service, the site also offers a way for users to check their password against the ever growing list of compromised passwords that Hunt maintains, and if you are unsure of how to choose a secure password look no further than the same page for guidance.

Credit monitoring services like Credit Karma and Equifax also offer services the track your exposure to identity fraud or a credit data breach.

Many information security websites can be so technical that they drive less informed readers away, but don’t let that discourage you. Brian Krebs an investigative journalist runs a site called Krebs on Security where he writes about the most recent information security news. Krebs provides in depth coverage of ongoing stories that far surpass traditional news media coverage. He achieves this without alienating less technical readers with overly complicated and technical language and articles. Krebs on Security provides a good way for the average user to stay up to date on relevant topics in the information security space.

As social media has gained popularity, more and more professionals are turning towards it to keep informed and spread their message. It may come as a surprise to some that there is a large information security community on twitter, but it is one of the best places to keep up with the latest in security news. While some may think that only information security professionals should be following each other on twitter, everyone can benefit from the discussions, news, and events that are posted all over the #infosec twitter space. Users will frequently post links to free webinars, blogs, and conferences covering a wide range of topics that would help even the least technical user remain aware and informed. Big names on twitter such as Jake Williams (@MalwareJake), Brian Krebs (@briankrebs), Troy Hunt (@troyhunt), and Lesley Carhart (@hacks4pancakes) provide a constant stream of information security news, issues, and tips to benefit everyone. Organizational Twitter accounts like the National Cyber Alliance (@StaySafeOnline) and SANS Internet Storm Center (@sans_isc) also provide comprehensive and consistent updates to the cybersecurity student and professional. Don’t be afraid to use less traditional methods such as Twitter and social media to educate and protect yourself.